The Internet industry Monday learned wireless security protocols are not all
that secure, as researchers at the University of California at Berkeley
found that hackers could crack the Wired Equivalent Privacy algorithm, part
of the 802.11b schema that prevents people from picking up wireless signals.
802.11b is used on college campuses, corporate networks and airports — pretty much
anywhere a local area network is used.
The team, including two students and two professors, reported their findings
on the their computer science department’s Web site and said the code is
subject to four types of attacks — one passive, two active and one that
builds after a day’s activity.
The researchers found that data could be modified — inserted or deleted —
without detection. But what may be most alarming, is that the algorithm may
be breached remotely by a perpetrator using a standard computing device, such as a lap-top.
WEP is also designed to prevent unauthorized access to a wireless network.
The team said WEP relies on a key that is shared between a mobile station (a
laptop with a wireless ethernet card) and an access point (ie. a base
station). The key encrypts packets before they are transmitted while an
integrity check is used to ensure that packets are not modified in transit.
The researches said most organizations use a single key, while more
sophisticated key techniques should be employed.
Chris Rouland is director of Internet Security Solutions’ X-Force, a group
that specializes in setting up intrusion detection networks for businesses.
Rouland, who had seen the Berkeley Web site, told InternetNews.com Monday
that it looks as if the researchers were “right on target” with their
“We haven’t seen any tools yet that hackers are using to attack this with
yet,” Rouland stressed. “But given the findings I would imagine some people
are unplugging their computers today.”
Rouland said the way ISS approaches such a situation is that the Internet is
treated as a hostile environment — if something can be done on the Internet it can be
done inside corporate networks.
“The risk can be mitigated by setting up 802.11 with a virtual private
network on top of it,” Rouland said. “Because physically, the vulnerability
is analogous to someone sitting right down at a computer in a company and
Rouland said he does not expect a rewrite of the algorithm anytime soon and
that corporations may see the VPN as a requirement more so now than ever
However, having examined the details dictated by the researchers at
Berkeley, Rouland said that his X-Force would be able to identify attack
techniques on someone’s network, but admitted that it would be difficult to
track down the perpetrators because there is no “latitude or longitude” when
someone attacks using a wireless device.
As for the team who made the discovery, he said their efforts are
“I wonder how long it took them to do it,” Rouland said.