Wireless LAN flaw poses security risk

The potentially dangerous flaw in the encryption algorithm designed to protect wireless LANs has some serious security...

The potentially dangerous flaw in the encryption algorithm designed to protect wireless LANs has some serious security implications.

The authors of the research paper outlining the attack, which is capable of undermining the 128-bit version of Wired Equivalent Privacy (WEP) encryption algorithm, discovered several ways to uncover patterns in packets of information passing over wireless LANs.

The patterns can be used to discover the WEP encryption key and the number used to scramble the data being transmitted.

The researchers say that using the longer key - 128 bits compared to the current WEP standard of 40 bits - does not make it significantly harder for attackers to unlock the process.

For organisations and institutions, the discovery has different implications.

At Hong Kong's City University - which has one of the territory's largest wireless LAN installations with 200 access points and more than 1,000 users - the fallibility of WEP encryption has not yet surfaced because the network is too old.

Raymond Poon, associate director of computing services at the university, said: "Our wireless LAN was implemented a long time ago, so our access points do not support any type of encryption."

But most users still rely on the wireless LAN for Web access, and the university depends on the Web-based security applications such as Secure Socket Layer (SSL) protocol to secure data.

Finding an encryption code that has not yet been hacked continues to be a dilemma, said university officials.

Poon said that while there have been about two or three cases where security was compromised on the central network, he could not confirm the total number of hacking incidents on separate application areas.

"Even with WEP, the hacker world has come up with programs to unscramble the codes and decipher all the packets," Poon said. "Unless there's a better design for WEP algorithms, we'll have to wait for something more mature to evolve that will have everything enabled."

Security experts said that although wireless LAN encryption is based on a pre-shared secret key, anyone with the same key can eavesdrop. Yet it does not necessarily mean that all deployments of wireless LANs will be affected by the WEP security loophole.

At Hong Kong's Chek Lap Kok airport, the Cathay Pacific lounges, which are equipped with a wireless LAN, are unlikely to be exposed to the risk because WEP is not deployed there.

Allan Dyer, chief consultant at the network security firm Yui Kee Computing, said: "They could ask users to pick up a unique secret key when they entered the lounge, but that would be rather unimaginable."

But although wireless LAN users at the airport are no more vulnerable than they were before the flaw was identified, they should still take necessary precautions, warned Dyer. "Their data was open before, it still is. If they are actually transferring confidential information, they should use another encryption layer between their mobile device and their trusted network, such as a Virtual Private Network (VPN), Secure Shell (SSH) or SSL."

The Wireless Ethernet Compatibility Alliance (WECA) maintains that enterprise users should continue to use WEP because only skilled cryptoanalysts will be able to attack the weaknesses. The industry group said that enterprises could also use existing tools for additional security, such as VPNs, IPSec and Radius authentication servers.

Read more on Antivirus, firewall and IDS products