New wireless LAN vulnerabilities uncovered

Seven months after researchers at the University of California discovered flaws in the encryption algorithm protecting wireless...

Seven months after researchers at the University of California discovered flaws in the encryption algorithm protecting wireless local area networks (LANs), experts have uncovered a new, more dangerous method of attack.

Researchers from Rice University and AT&T Labs published a paper on 6 August outlining a new passive attack capable of defeating the 128-bit version of the Wired Equivalent Privacy (WEP) encryption algorithm used to protect 802.11 wireless LANS.

In their paper, the researchers state that all industry standard 802.11 wireless LANs should be viewed as insecure and those users should "treat all systems that are connected via 802.11 as external". They also urged corporate users to "place all access points outside the firewall".

Unlike the Berkeley attack, which required skilled hackers to break the encryption keys, this new attack method "is much stronger and much easier for a generic person to carry out", said Adam Stubblefield, a graduate student at Rice and co-author of the report. "The adversary is completely passive. He can just listen to the network traffic and the victim will never know they've been compromised."

The new attack method discovered by Stubblefield and Aviel Rubin, a researcher at AT&T Labs, came one week after Scott Fluhrer at Cisco and Itsik Mantin and Adi Shamir at the Weizmann Institute in Israel published a paper describing the attack in theory. Stubblefield took that paper and, using a $100 (£70) wireless LAN card he purchased from Linksys Group, proved after less than two hours worth of coding that it was possible to recover the 128-bit secret WEP key used in wireless LANS.

However, Rubin said it is important to point out that generic 128-bit encryption is still secure and that this most recent discovery demonstrates flaws in the way WEP uses the WEP RC4 cypher. "You can take cyphers that use a 128-bit key and design or use them in an unsecured way. In WEP, it's a flawed design," he said.

Though WEP today uses 64-bit encryption, the industry plans to move to a 128-bit key for additional protection in a new standard due out later this year. But, the Fluhrer paper said existing weakness in WEP means a successful attack can be mounted against "any key size", including "the revisited version WREP2".

Fluhrer and his colleagues said that WEP could be cracked by exploiting what they called "large classes of weak keys" in the protocol that make it vulnerable to attack. The Fluhrer paper added that attackers could also target another related key vulnerability by exposing part of the key to the attacker. Attackers can "then rederive the secret part by analysing the initial word of the key streams with relatively little work".

John Pescatore, an analyst at Gartner, said his company had been telling clients for some time to run virtual private networks to secure wireless LANs. "Treat WLANs like you do the Internet," said Pescatore. "Don't trust the security [that's] built in."

"Some of the vendors like Cisco have built in better security than WEP, but Rubin's attack against streaming crypto shows the need to run proven stuff like IPSec or [Secure Socket Layer]."

Read more on Antivirus, firewall and IDS products