Security risk exposed in wireless networks

Security flaws have been discovered in a wireless local area network (Lan) standard, which could expose corporate networks to eavesdroppers and unauthorised personnel.

The vulnerabilities, which were uncovered by researchers at the University of California at Berkeley and security firm Zero-Knowledge Systems, appear in an algorithm of the Wi-Fi 802.11 wireless Lan standard. Ironically the algorithm was designed to protect against hack attacks.

Vendors, including Cisco and Apple, currently sell tools based on the Wi-Fi standard and many US airports and hotels have begun setting up compliant networks. According to researcher Cahners In-Stat, some 10 million Wi-Fi radios will be deployed worldwide by the end of this year.

Called Wired Equivalent Privacy (WEP), the algorithm relies on a secret key that is shared between a laptop, a wireless ethernet card and an access point or a base station. The key is used to encrypt packets of information and check that they are not being modified in transit.

According to the researchers, the flaws could open networks to several styles of attack and they warned users not to rely on WEP for security.

The types of possible attack include "passive", which allows hackers to decrypt traffic based on statistical analysis; "active", whereby attackers inject new traffic from unauthorised mobile stations or decrypt traffic by tricking the access point; and "dictionary-building", in which all traffic is decrypted automatically and in real-time by analysing a day's worth of traffic.

Nikita Borisov, one of the researchers at Berkeley University, said: "We found ways to modify transmissions as they're being sent. And we found ways to access the network even if it's restricted."