Potentially Dangerous Wireless LAN Threats Discovered

Researchers: All standard 802.11 wireless LANs should be considered insecure

Seven months after researchers at the University of California at Berkeley discovered flaws in the encryption algorithm designed to protect wireless LANs, a different group of experts has uncovered what they say is a new and more dangerous method of attack.

Researchers from Rice University in Houston and AT&T Labs in Florham Park, N.J., published a paper on Aug. 6 outlining a new passive attack that is capable of defeating the 128-bit version of the Wired Equivalent Privacy (WEP) encryption algorithm used to protect 802.11 wireless LANs.

The researchers state in their paper that all industry-standard 802.11 wireless LANs should be viewed as insecure and that users should "treat all systems that are connected via 802.11 as external." They also urge corporate users to "place all access points outside the firewall."

Unlike the Berkeley attack, which required skilled hackers to break the encryption keys, this new attack method "is much stronger and much easier for a generic person to carry out," said Adam Stubblefield, a graduate student at Rice and co-author of the report. "The adversary is completely passive. He can just listen to the network traffic, and the victims will never know they've been compromised."

The new attack method discovered by Stubblefield and Aviel Rubin, a researcher at AT&T Labs, came one week after Scott Fluhrer at Cisco Systems Inc. and Itsik Mantin and Adi Shamir at the Weizmann Institute of Science in Israel published a paper describing the attack in theory. Stubblefield took that paper and, using a $100 wireless LAN card he purchased from Linksys Group Inc. in Irvine, Calif., proved after less than two hours of coding that it was possible to recover the 128-bit secret WEP key used in wireless LANs.

However, Rubin said, it's important to note that generic 128-bit encryption is still secure and that this most recent discovery demonstrates flaws in the way WEP uses the RC4 cipher. "You can take ciphers that use a 128-bit key and design or use them in an unsecure way. In WEP, it's a flawed design," he said.

Though WEP currently uses 64-bit encryption, the industry plans to move to a 128-bit key for additional protection in a standard due later this year.

But, the Fluhrer paper said, existing weaknesses in WEP mean a successful attack can be mounted against "any key size," including "the revisited version WEP2."

John Pescatore, an analyst at Stamford, Conn.-based Gartner Inc., said his company has been telling clients for some time to run virtual private networks to secure wireless LANs. "Treat [wireless] LANs just like you do the Internet. Don't trust the security [that's] built in," Pescatore said.

"Some of the vendors, like Cisco, have built in better security than WEP, but Rubin's attack against streaming crypto shows the need to run proven stuff like IPSec or [Secure Sockets Layer]," he added.

Yang Min Shen, senior manager of wireless systems at Symbol Technologies Inc. in Holtsville, N.Y., said his company offers the Kerberos network authentication protocol to fend off the kind of key-sniffing Stubblefield exploited. That attack took advantage of a static key, Shen said, and Kerberos could have deflected it with software that allows the changing of keys as often as every five minutes.
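Rubin's point that the cipher is sound but WEP's use of it is not, and Shen's point that a static key is what the sniffing relies on, can both be shown concretely. The following is an added example, not code from the article or from the researchers' paper: it implements plain RC4 and WEP's framing of a 24-bit cleartext IV prepended to a static secret key, and the key, IV and frame contents are constructed for illustration.

```python
"""WEP keys RC4 with IV || static_key and sends the 3-byte IV in the clear.
Once an IV repeats under the same static key, the keystream repeats too, so
the design (not RC4 itself) leaks information. Added example; all sample
values below are constructed."""


def rc4_keystream(key: bytes, length: int) -> bytes:
    """Textbook RC4: key-scheduling (KSA) then pseudo-random generation (PRGA)."""
    s = list(range(256))
    j = 0
    for i in range(256):                      # KSA
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):                   # PRGA
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def wep_encrypt(iv: bytes, static_key: bytes, plaintext: bytes) -> bytes:
    """WEP-style frame body: cleartext IV, then RC4(IV || key) XOR plaintext.
    (Real WEP also appends a CRC-32 ICV; omitted here for clarity.)"""
    assert len(iv) == 3, "WEP IV is 24 bits"
    ks = rc4_keystream(iv + static_key, len(plaintext))
    return iv + bytes(p ^ k for p, k in zip(plaintext, ks))


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def same_iv(frame_a: bytes, frame_b: bytes) -> bool:
    """Passive check a monitor can run: a repeated cleartext IV under an
    unchanged static key means a repeated keystream."""
    return frame_a[:3] == frame_b[:3]


def demo() -> tuple:
    # Constructed 13-byte secret: "128-bit" WEP is a 24-bit IV plus 104-bit key.
    key = bytes.fromhex("0102030405060708090a0b0c0d")
    iv = b"\x00\x00\x01"
    p1, p2 = b"GET /index.html ", b"POST /login.cgi "
    c1, c2 = wep_encrypt(iv, key, p1), wep_encrypt(iv, key, p2)
    # Same IV + same static key -> XOR of ciphertexts equals XOR of plaintexts.
    leak = xor_bytes(c1[3:], c2[3:]) == xor_bytes(p1, p2)
    # Rotating the key (the mitigation Shen describes) changes the keystream.
    rotated = wep_encrypt(iv, bytes(reversed(key)), p1)
    return same_iv(c1, c2), leak, rotated[3:] != c1[3:]
```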

Symbol has a contract to supply wireless LAN hardware to Atlanta-based United Parcel Service Inc. for the world's largest deployment of 802.11 systems.

Copyright © 2001 IDG Communications, Inc.