[ISN] Wireless network group discloses new vulnerability

From: InfoSec News (isnat_private)
Date: Mon Aug 06 2001 - 01:11:38 PDT

    Friday, Aug. 3, 2001
    NEW YORK (Reuters) - Researchers have discovered a way to quickly
    break through the security system that protects the leading corporate
    wireless networking system, a trade group said Friday.
    While computer security experts had previously uncovered weaknesses in
    Wi-Fi, a standard for wireless data communication also known as
    802.11b, the latest discovery is being treated with more concern
    because it is more feasible and takes less time to carry out.
    The new attack allows a hacker to discover the ``secret key'' used to
    encrypt data before it goes into the air.
    The group that promotes the Wi-Fi standard, which briefed reporters
    and analysts prior to the publication of a paper that details the
    vulnerability, said it had long urged wireless network users to
    supplement Wi-Fi's built-in security system with stronger encryption
    ``Companies that have something worth attacking are likely to -- and
    if they're not, they certainly should -- put in other forms of network
    protection,'' David Cohen, the chairman of the Wireless Ethernet
    Compatibility Alliance, said in an interview.
    Wi-Fi, backed by technology giants including Intel Corp. and Cisco
    Systems Inc., has caught on in places beyond corporate campuses,
    including airports, hotels and other public spaces, letting computer
    users reach the Internet without attaching any wires.
    Wednesday, the alliance, known as WECA, said it had added to its board
    of directors Microsoft Corp., which will support Wi-Fi networks in its
    new Windows XP operating system.
    Despite its popularity, critics have long said Wi-Fi was vulnerable to
    attack by hackers.
    Early this year, a group of security experts at the University of
    California at Berkeley discovered weaknesses in the Wired Equivalent
    Privacy, or WEP, algorithm -- the security system used in Wi-Fi
    In March, researchers at the University of Maryland published a report
    entitled ``Your 802.11 Wireless Network Has No Clothes,'' that claimed
    wireless networks are vulnerable to attack.
    Wi-Fi's backers responded by saying the Berkeley report was far too
    complex to be widely implemented, and that WEP should not be used by
    itself to protect sensitive data.
    Navin Sabharwal, a wireless analyst at research firm Allied Business
    Intelligence, said WEP is no longer seen as a secure way to protect
    data over wireless networks.
    ``WEP is pretty much defunct,'' Sabharwal said. ``It's sort of the
    curse of any wireless protocol: ultimately, no matter what algorithm
    you choose, you're basically going to be assured that it's going to be
    susceptible to hacking.''
    The new paper was written by Scott Fluhrer of Cisco Systems Inc. as
    well as Itsik Mantin and Adi Shamir of The Weizmann Institute in
    Israel, WECA said. Neither of the three experts could immediately be
    ISN is currently hosted by Attrition.org
