Information Security News mailing list archives

Wireless networks leave holes for hackers


From: InfoSec News <isn () C4I ORG>
Date: Mon, 5 Feb 2001 21:44:10 -0600

http://news.cnet.com/news/0-1004-201-4722179-0.html?tag=mn_hd

[Also check out: http://www.isaac.cs.berkeley.edu/isaac/wep-faq.html ]

By Lisa M. Bowman
Special to CNET News.com
February 5, 2001, 4:25 p.m. PT

Computer scientists at the University of California at Berkeley have
uncovered a security vulnerability that could let hackers intercept
and alter transmissions passing through wireless networks such as
Apple Computer's AirPort.

The group found holes in the Wired Equivalent Privacy algorithm, or
WEP, a security measure used by the wireless networks that let people
surf the Internet while wandering around their homes or offices,
without being tethered by cables. Such networks use radio antennas to
transmit content between a remote port and a computer or other
wireless device.

In their report, the researchers discovered that hackers could
eavesdrop on transmissions, or they could interject messages, alter
the network, and build systems that would enable them to glean
passwords.

Though Apple led the adoption of the technology with its AirPort
system, it's now available for PCs--and gaining popularity as more
people go wireless. Toshiba is installing the system on its
top-of-the-line laptops, and Starbucks is putting it in its
coffeehouses. Even American Airlines' Admiral's Club is offering it to
executives passing through major airports.

The UC Berkeley scientists urge people using such systems, which run
on a standard known as 802.11, to adopt stronger security measures to
prevent such exploits.

"The products possess all the necessary monitoring capabilities, and
all that remains for attackers is to convince it to work for them,"
the researchers wrote.

Nikita Borisov, a Berkeley graduate student on the team that
discovered the problem, said people who use WEP should also use a VPN
(virtual private network) or additional encryption software to prevent
others from snooping while they surf.

"My fear is that because the hardware that you buy now says it has
encryption included, people will think their data is secure," Borisov
said.

He said someone with a strong antenna could tap into a network from as
far away as a mile if there's no interference.

The research group, which includes Borisov, Berkeley professor David
Wagner and recent graduate Ian Goldberg, also criticized the creators
of WEP, saying they failed to include cryptographers during the
development process.

"Had this been done, the problems stated here would have surely been
avoided," their report said.

Security experts called the discovery a major vulnerability but said
it would be difficult to exploit. For one, hackers would have to be
physically near or inside the premises where the network they wanted
to crack was located.

"This is not anything someone is going to do from around the world
with an Internet connection," said David Perry, Public Education
Director of security firm Trend Micro.

The cracker also would need to run complicated software and work on a
machine that's 802.11-compatible.

The Berkeley researchers warned that it's possible for someone to
create scripts that would allow people without much technical
knowledge to exploit the holes.

Perry said the discovery will probably force companies to beef up
their physical security to ensure no one gets close enough to their
networks to break in. It will also alert companies to the possibility
that wireless networks can make industrial espionage easier.

"I would think twice about powering up my laptop in the Admiral's Club
at the San Jose Airport," he said.

At the least, the discovery highlights the vulnerability of wireless
networks, which are sure to grow along with the widespread adoption of
Web-enabled devices including cell phones, watches and PDAs (personal
digital assistants).

"It's going to be possible in the future for malicious code exploits
to take advantage of the fact that a guy walking down the street is
broadcasting from seven different devices," Perry said.

ISN is hosted by SecurityFocus.com