02 August 2006, 12:18

Critical holes in Intel's Centrino WLAN drivers

Laptops getting hacked by passers-by - while there have long been theories about this scenario, it may soon become a reality at airports, train stations and trade fairs. Intel has just warned of three holes in its Centrino and PRO/Wireless drivers for Windows. Back in June, David Maynor from Internet Security Systems (ISS) and Jon Ellch announced a presentation for vulnerabilities that had been found in WLAN drivers. They intended to present them at the Black Hat conference that starts today.

One of the holes, made public by Intel, can allow attackers to plant and execute malicious code on a laptop without the computer being logged into a WLAN. It needs only be in the broadcast range for specially crafted frames to be sent the laptop. WLAN is activated by default on most laptops.

The second hole can be exploited to inject code into the driver using manipulated frames. With the help of an application running on the system, the hacker can then acquire system rights. Intel did not describe exactly how the process works. The manufacturer has nevertheless categorized the hole as critical. No exploits for the hole are circulating to this point. The third hole can only be exploited by registered users with restricted rights, allowing them to reach sensitive data.

The holes are present in drivers for Intel's Intel PRO/Wireless 2100, 2200BG, 2915ABG and 3945ABG Network Connection and Intel Centrino 2100, 2200BG and 2915ABG, (including w22n50.sys, w22n51.sys, w29n50.sys, w29n51.sys). Not all three flaws are present in each driver, though. Intel has provided a table: Wireless LAN Products Security Information.

Intel has released new drivers that close the holes. They can be downloaded here. Intel is also offering a tool to be downloaded that determines whether the vulnerable drivers are installed on a given laptop: Intel Wireless Ethernet Device and Driver Identification Guide. The manufacturer recommends installing the updates as soon as possible.