Cafe Latte attack steals data from Wi-Fi users
WEP whomped in disturbing Toorcon demonstration
IDG News Service - If you use a secure wireless network, hackers may be able to steal data from your computer in the time it takes to have a cup of coffee.
At the Toorcon hacking conference in San Diego this coming weekend, security researcher Vivek Ramachandran, will demonstrate a technique he's developed to attack laptops that use the WEP (Wired Equivalent Privacy) encryption system to log on to secure wireless networks.
Developed in the late 1990s, WEP was the default method of securing Wi-Fi networks. Though the WPA (Wi-Fi Protected Access) system replaced it, about 41 percent of businesses continue to use WEP. That percentage is even higher among home users, security experts say.
That's unfortunate because WEP has been riddled with security problems. In fact, WEP was blamed (PDF format) for the recent TJX Companies Inc. data breach, in which thieves were able to access 45 million credit- and debit-card numbers.
To date, however, researchers have tended to focus on exploiting WEP flaws in order to break into wireless networks. That generally meant that the attacker would roll up near the WEP-encrypted router, crack the WEP key used to encrypt network traffic and then log on to the network.
Ramachandran, a senior wireless security researcher with AirTight Networks Inc., has taken a look at the client side of things and developed a way of tricking a WEP-enabled client into thinking that it is logging on to a network that it already knows.
His technique, which he calls the Cafe Latte attack, allows an attacker to circumvent firewall protection and attack the laptop or to set up a "man-in-the-middle" attack and snoop on the victim's online activity. "Until now, the conventional belief was that in order to crack WEP, the attacker had to show up at the parking lot," he said. "With the discovery of our attack, every employee of an organization is the target of an attack."
There are several steps to Cafe Latte, all of which exploit known flaws in the WEP architecture. First, the attacker programs a laptop computer to act like a malicious wireless network, setting up shop in an Internet cafe or an airport. The malicious PC then begins communicating with other Wi-Fi laptops in range, figuring out the name of the WEP-enabled routers that these laptops are programmed to look for and then cracks the keystream encryption code required to send messages to the victim's laptop.
Knowing the keystream only gets the attacker halfway. To truly crack the WEP encryption key and read messages coming from the victim, the attacker must somehow trick the victim into sending a large amount of information -- about 70,000 messages, actually -- to the malicious network. Those messages could then be analyzed and cracked using WEP-cracking tools.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts