802.11 Subject to Hacks

The Internet industry Monday learned wireless security protocols are not all that secure, as researchers at the University of California at Berkeley found that hackers could crack the Wired Equivalent Privacy algorithm, part of the 802.11b schema that prevents people from picking up wireless signals.

802.11b is used in home networks, on college campuses, corporate networks and airports — pretty much anywhere a local area network is used.

The team, including two students and two professors, reported their findings on the their computer science department’s Web site and said the code is subject to four types of attacks — one passive, two active and one that builds after a day’s activity.

The researchers found that data could be modified — inserted or deleted — without detection. But what may be most alarming, is that the algorithm may be breached remotely by a perpetrator using a standard computing device, such as a laptop.

WEP is also designed to prevent unauthorized access to a wireless network. The team said WEP relies on a key that is shared between a mobile station (a laptop with a wireless ethernet card) and an access point (ie. a base station). The key encrypts packets before they are transmitted while an integrity check is used to ensure that packets are not modified in transit.

The researches said most organizations use a single key, while more sophisticated key techniques should be employed.

Chris Rouland is director of Internet Security Solutions’ X-Force, a group that specializes in setting up intrusion detection networks for businesses. Rouland, who had seen the Berkeley Web site, told InternetNews.com Monday that it looks as if the researchers were “right on target” with their findings.

“We haven’t seen any tools yet that hackers are using to attack this with yet,” Rouland stressed. “But given the findings I would imagine some people are unplugging their computers today.”

Rouland said the way ISS approaches such a situation is that the Internet is treated as a hostile environment — if something can be done on the Internet it can be done inside corporate networks.

“The risk can be mitigated by setting up 802.11 with a virtual private network on top of it,” Rouland said. “Because physically, the vulnerability is analogous to someone sitting right down at a computer in a company and logging in.”

Rouland said he does not expect a rewrite of the algorithm anytime soon and that corporations may see the VPN as a requirement more so now than ever before.

However, having examined the details dictated by the researchers at Berkeley, Rouland said that his X-Force would be able to identify attack techniques on someone’s network, but admitted that it would be difficult to track down the perpetrators because there is no “latitude or longitude” when someone attacks using a wireless device.

As for the team who made the discovery, he said their efforts are commendable.

“I wonder how long it took them to do it,” Rouland said.