Flaws in Wireless Security Detailed

Computerworld - Las Vegas
A cryptologist who discovered several gaping holes in the international standard governing the design of wireless network devices and the encryption algorithm meant to protect those networks last week detailed vulnerabilities that could be leaving corporate systems open to hackers.
Ian Goldberg, a cryptologist at Montreal-based security and privacy software developer Zero-Knowledge Systems Inc., along with researchers at the University of California, Berkeley, uncovered flaws in the IEEE 802.11 standard. Goldberg published a paper (www.isaac.cs.berkeley.edu/isaac/wep-faq.html) on the findings earlier this year and made one of his first public appearances about it at the annual Black Hat hacker conference here.
Hardware and software vendors use 802.11 to develop wireless Ethernet cards. The Wired Equivalent Privacy (WEP) algorithm is designed to provide the same level of security for wireless devices that a physical network cable can.
"We have demonstrated attacks on WEP that defeat each of the security goals" it was designed to address, including data confidentiality, network- access control and data integrity, said Goldberg, who showed slides demonstrating the mathematical proof that such exploits are possible to an applauding crowd of hackers and security professionals.
"We can read WEP-protected traffic, we can inject traffic onto WEP-protected networks, we can modify WEP-protected data," he said.
Goldberg and other security experts recommended that to counter the threat, all companies should use additional authentication systems, such as virtual private networks or IPSec, before allowing data to cross from a wireless network to an intranet or other corporate system. He said some products will be coming out soon to address these vulnerabilities, but they will be proprietary.
Drive-by Hacking
Hackers can often park their cars in a company's parking lot and simply "become a node" on the firm's wireless network - known as authentication spoofing, said Goldberg. "Unlike physical cables, it's really difficult to control how far radio waves go," he said.
Hackers can travel the entire length of Market Street in San Francisco "and basically not lose 802.11 coverage" while picking up wireless LAN signals in their cars, he said.
Mandy Andress, president of Dublin, Calif.-based ArcSec Technologies Inc., said WEP is particularly vulnerable to hackers in cars. She said there have been cases where hackers have used parabolic dishes to pick up wireless network signals from as far as eight miles away.
One of the most significant problems found in the WEP algorithm includes weaknesses in the way WEP encrypts packets of data using a stream cipher.
Through a series of computations, hackers can eventually uncover the plain text of certain encrypted messages and use those packets to intercept and decrypt messages encrypted with the same key, which is known as an Initialization Vector packet collision.
In addition, many commercial wireless Ethernet cards are vulnerable to hacks stemming from use by all mobile network clients of the same encryption key, said Goldberg.
"Attackers just need to know a single plain-text packet and its corresponding encrypted packet," which can be attained by pinging a company's network or sending spam traffic, Goldberg explained. "It's a correct encryption of the message, so the receiver has no reason to reject it."
That could allow hackers to do things like inject packets of data into financial transactions that contain changed dollar amounts, Goldberg said.
"WEP is assumed to be cracked now," said Chris Rouland, director of the X-Force vulnerability research unit at Internet Security Systems Inc. in Atlanta. "If you watch enough good traffic on a WEP network, you can crack everything in about 12 hours."
Newton, Mass.-based consultancy Cahners In-Stat Group has forecast that the wireless LAN market will reach $2.2 billion by 2004.

Wireless Standards 1 2 Next » Recommend Digg Twitter ShareThis Email Print Send Feedback Reprints Jump to comments Security Additional Resources Xerox Win a color printer! By using solid ink technology only from Xerox, you could save up to 65% by printing color for the cost of black and white. Enter for a chance to WIN a PhaserTM 8860 network color printer! Microsoft Upgrade to Internet Explorer 8 today. Save time and mitigate security risk. Deploy it now. Sybase NEXT-GENERATION MOBILITY PLATFORMS In this white paper, IDC analyzes the role of next-generation mobile enterprise platforms as organizations seek a more strategic deployment of mobile solutions. Learn the important issues you must consider before starting your next mobility initiative. Get your mobility white paper from IDC now, compliments of Sybase. White Papers & Webcasts Share our Strength Download Now   Lower the Cost and Complexity of a Mobile Workforce through Automation Download This Resource Now! Top 10 Things to Know about Data Protection Download Now   Managing Mobility: Improve Data Security, Compliance and Manageability Download This Resource Now! Top 10 Actions a CIO Can Take to Prepare for a Hurricane Download Now   Managing Secure File Transfer to Save Time, Money and IT Resources Learn how companies are using innovative technology to overcome these challenges and improve user productivity by offloading e-mail attachments and replacing FTP with... Ponemon Study: The Business Risk of a Lost Laptop Download Now   Security Convergence Equals Network Security Cost Savings Listen to IBM Internet Security Systems' take on network security convergence. Airport Insecurity: The Case of Lost Laptops Download Now   Disaster Recovery 2008: Reduced Costs and Improved Performance How long can your Enterprise afford to be without your data? With an accelerated disaster recovery program, you never have to answer this... All White Papers | All Webcasts Computerworld Reports 8 Questions To Ask About Your Intrusion-Security Solution Computerworld Technology Briefings IT Service Management Computerworld Briefing - Analytics: The Art and Science of Better All Computerworld Reports Sign up to receive updates on the latest Security resources   White Papers Share our Strength Top 10 Actions a CIO Can Take to Prepare for a Hurricane Airport Insecurity: The Case of Lost Laptops Optimizing Information Insight: How to Make Fast, Reliable Decisions Based on Consolidated Information Encompassing All Your Data Retooling IT for a Mobile Workforce: The Importance of Automation The Forrester Wave™: Web Filtering, Q2 2009 PCI DSS Compliance in the UNIX/Linux Datacenter Environment A Process-based Approach to Protecting Privileged Accounts & Meeting Regulatory Compliance From Trust to Process: Closing the Risk Gap in Privileged Access Control Can Heuristic Technology Help Your Company Fight Viruses? Top 10 Things to Know about Data Protection Ponemon Study: The Business Risk of a Lost Laptop Mitigating Litigation Risk with Email Management Tools Solving On-premise Email Challenges with On-demand Services Leverage the full power of VMware The Forrester Wave™: Email Filtering, Q2 2009 Privileged Access Lifecycle Management: How PALM Enables Security, Compliance, and Efficiency for Enterprise IT Preventing Data Breaches in Privileged Accounts Using Access Control The State of PCI DSS Compliance at Organizations Today Why Email Must Operate 24/7 and How to Make This Happen Sponsored Links Play NetApp's New Data Defense Game. Return on Information: Google Enterprise Search pays you back. Get the facts. How Do You Rank as an Innovation Leader? Download Recent Study. See how AT&T can help protect your network. 3 Innovations. 3 Free Downloads. Free trials of Windows 7, Windows Server 2008 R2 and Exchange Server 2010. Citrix NetScaler with nCore Outperforms F5 BIG-IP - Learn More 64-page prescriptive guide to security, compliance, and IT operations. Streamline IT Costs. Boost Performance with WAN Optimization Enterprise Network & Server Monitoring Software. Cross over to Traverse... Increase UPS efficiency without sacrificing protection Crystal Reports Server: Single server access to reports & dashboards Create new opportunities. See business making progress now ESET NOD32 with ThreatSense(R) - Get your free trial now! Looking to add Unix/Linux functionality to Windows? Join the conversation about the hottest IT trends with Computerworld on Twitter. ITwhitepapers.com - Access thousands of white papers on 300+ technical topics. Leverage Your Cisco infrastructure for Superior Application Performance Learn about the AMD Virtual Experience Introducing: Project Icebreaker Stay informed with custom newsletters from Tech Dispenser New DW Options and Price Points. View Teradata Platform Family Data Sheet. To get a better view of your entire data center, you need a better vantage point. Improve your vision with Hitachi IT Operations Analyzer - Free 30 day trial Play NetApp's New Data Defense Game. Take the Netezza TwinFin TestDrive! NetScaler VPX : Harness the Power of Virtualized Web App Delivery Get more enterprise mobility value for up to 25% less. Unified Communications: Thoughts, Strategies and Predictions. Join the discussion. NYUs M.S. in Management and Systems. Offered Online and On-site. Crystal Reports Server: More options. Not more money. Parallelism is not just for HPC. Create rich apps from desktop to device. Get the eval. Tolly Performance Report  "Citrix NetScaler with nCore Outperforms F5 BIG-IP" Save up to 61% plus Free Cheesecake Find IT jobs in the Healthcare industry on Dice.com With the NEW KODAK i700 Series Scanners get full speed at 300dpi! Not All QSAs Are Created Equal: What You Should Know Before You Buy The arrival of Serial Attached SCSI (SAS) marks a new era in storage scalability The AMD Virtual Experience Virtual Trade Show About Us Advertise Contacts Editorial Calendar Help Desk Jobs at IDG Privacy Policy Reprints Site Map CIO Computerworld CSO DEMO GamePro Games.net IDC IDG IDG Connect IDG Knowledge Hub IDG TechNetwork IDG Ventures IDG.net InfoWorld ITwhitepapers ITworld JavaWorld LinuxWorld Macworld Network World PC World The Industry Standard Copyright © 1994 - 2009 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.