Security weaknesses have been found in wireless Lan standards 802.11
and 802.11b by a University of California at Berkeley research
team, writes Antony Adshead.
The security hole exists in the Wired Equivalent Privacy
(WEP) algorithm. The research team discovered numerous ways of
intercepting and modifying transmissions even if access to the
network had been restricted.
In particular, the team found it could decrypt traffic using
statistical analysis, transmit new traffic from unauthorised mobile
stations, decrypt traffic by tricking the wireless access point,
and mount a dictionary-based attack - which analyses a day's worth
of traffic to allow real-time decryption.
The group said inexpensive equipment could be used to mount the
attacks and recommended that those using 802.11 wireless equipment
should not rely on WEP for security. The vulnerability occurs in
both 40-bit and 128-bit versions.
WEP is designed to protect wireless Lans from eavesdropping and
prevent unauthorised access. It uses a secret key shared between a
mobile station, such as a laptop, and the base station access
point. It encrypts packets as they are sent and carries out an
integrity check to ensure no modification has been made in
transit.
Butler Group senior analyst Mark Blowers downplayed the risk.
"The best way a company can protect itself is by having a security
policy - wireless networks are no more insecure than fixed
networks," he said.
"However, with wireless networks, management needs to determine
the specific risks associated - is wireless suitable for all
traffic or should only certain types be transmitted that way?"
Wireless Lan supplier 3Com said the WEP standard is a simple
defence against everyday threats but conceded that it is
susceptible to sophisticated hacker attacks.
The Berkeley paper advises use of higher level security, such as
virtual private networks.
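
The integrity check described above can be contrasted with a keyed one in a short added example, which is not code from the article or from the Berkeley paper. It assumes WEP's published construction (RC4 seeded with IV || key, CRC-32 as the integrity check value); the key, IV, payload and the HMAC variant are constructed for illustration.

```python
import hashlib, hmac, zlib

def rc4(key, n):  # first n bytes of RC4 keystream for key
    s, j, out = list(range(256)), 0, bytearray()
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    for _ in range(n):
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def icv(data):  # WEP integrity check value: plain CRC-32, no key involved
    return zlib.crc32(data).to_bytes(4, "little")

def wep_seal(key, iv, msg):
    body = msg + icv(msg)
    return xor(body, rc4(iv + key, len(body)))  # per-packet seed is IV || key

def wep_open(key, iv, ct):
    body = xor(ct, rc4(iv + key, len(ct)))
    return body[:-4] if body[-4:] == icv(body[:-4]) else None

def mac_seal(key, mac_key, iv, msg):
    # Same cipher, kept only to isolate the integrity change; keyed tag over IV and ciphertext.
    ct = xor(msg, rc4(iv + key, len(msg)))
    return ct + hmac.new(mac_key, iv + ct, hashlib.sha256).digest()

def mac_open(key, mac_key, iv, blob):
    ct, tag = blob[:-32], blob[-32:]
    good = hmac.new(mac_key, iv + ct, hashlib.sha256).digest()
    return xor(ct, rc4(iv + key, len(ct))) if hmac.compare_digest(tag, good) else None

def demo():
    key, iv, mac_key = bytes(range(1, 6)), b"\x00\x00\x01", b"constructed-mac-key"
    msg = b"temp=20C"                               # constructed payload
    delta = xor(msg, b"temp=99C")                   # bits changed in transit
    # CRC-32 is affine over XOR, so the checksum change follows from delta alone.
    patch = delta + xor(icv(delta), icv(bytes(len(msg))))
    wep_result = wep_open(key, iv, xor(wep_seal(key, iv, msg), patch))
    blob = mac_seal(key, mac_key, iv, msg)
    mac_result = mac_open(key, mac_key, iv, xor(blob[:len(msg)], delta) + blob[len(msg):])
    return wep_result, mac_result
```

demo() returns the altered payload for the WEP-style frame, meaning the change passed the check, and None for the HMAC-protected frame, meaning it was rejected.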