News

Security flaw discovered in wireless Lan 802.11 and 11b

Antony Adshead
Security weaknesses have been found in wireless Lan standard 802.11 and 802.11b by a University of California at Berkeley research team, writes Antony Adshead.

The security hole exists in the wireless equivalent privacy (WEP) algorithm. The research team discovered numerous ways of intercepting and modifying transmissions even if access to the network had been restricted.

In particular, the team found it could decrypt traffic using statistical analysis, transmit new traffic from unauthorised mobile stations, decrypt traffic by tricking the wireless access point, and mount a dictionary-based attack - which analyses a day's worth of traffic to allow real-time decryption.

The group said inexpensive equipment could be used to mount the attacks and recommended that those using 802.11 wireless equipment should not rely on WEP for security. The vulnerability occurs in both 40-bit and 128-bit versions.

WEP is designed to protect wireless Lans from eavesdropping and prevent unauthorised access. It uses a secret key shared between a mobile station, such as a laptop, and the base station access point. It encrypts packets as they are sent and carries out an integrity check to ensure no modification has been made in transit.

Butler Group senior analyst Mark Blowers downplayed the risk. "The best way a company can protect itself is by having a security policy - wireless networks are no more insecure than fixed networks," he said.

"However, with wireless networks, management needs to determine the specific risks associated - is wireless suitable for all traffic or should only certain types be transmitted that way?"

Wireless Lan supplier 3Com said the WEP standard is a simple defence against everyday threats but conceded that it is susceptible to sophisticated hacker attacks.

The Berkeley paper advises use of higher level security, such as virtual private networks.


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy