Users login

Create an account »


Users login

Home » Hacking News » Off-the-shelf methods to carry out an attack

Off-the-shelf methods to carry out an attack

by baqad on November 28th, 2001 The security protocol containing the vulnerability is called Wired Equivalent Privacy (WEP), and it's used to protect local area networks (LANs) employing the 802.11 standard.

WEP contains an algorithm called RC4 that's designed to shield transmissions between a mobile station (for example, a laptop with a wireless Ethernet card) and a base station system.

Several research groups have uncovered a variety of problems in WEP, which is deployed in wireless networks at numerous homes, offices, hospitals and airports. The researchers from Rice University in Houston, Texas, and AT&T performed their recent attack after reading a detailed and highly scientific description of the vulnerability written several weeks ago by Scott Fluhrer from Cisco Systems, and Itsik Mantin and Adi Shamir from The Weizmann Institute of Science in Israel

Fluhrer, Mantin and Shamir are expected to present certain aspects of their findings publicly at a cryptography symposium next week in Toronto, Canada.

"We show that RC4 is completely insecure in a common mode of operation, which is used in the widely deployed Wired Equivalent Privacy protocol," reads the findings' summation by Fluhrer, Mantin and Shamir -- who is the "S" in the distinguished RSA cryptosystem

The researchers from Rice and AT&T essentially then applied these technical findings to a "real world" implementation and released a paper with their conclusions on Monday.

"It is a complete and devastating break of the security of wireless networks," said Avi Rubin of AT&T Labs in New Jersey. Rubin led one of the teams that administered the recent attack in only hours after taking a few days to prepare. Rice University's Adam Stubblefield and John Ioannidis also participated.

"Given this attack, we believe that 802.11 networks should be viewed as insecure," the statement reads.

"What we did is important because we proved that virtually all of the wireless networks used by companies and hospitals are completely open and offer no protection for the data on them," said Rubin.

In fact, since the publication of the paper detailing the vulnerability, Rubin says both private companies and several United States government agencies have contacted his office.

Industry group downplays new findings

But the industry group that certifies and promotes the use of 802.11 networks says the Rice University and AT&T report doesn't offer any new information, and that it's already working to solve the problem.

"All the information that exposes the weakness . . . is outlined in the Fluhrer, Mantin and Shamir paper," said Dennis Eaton, vice chairman of the Wireless Ethernet Compatibility Alliance, or WECA. "It (the action carried out by Rice and AT&T) is like somebody following instructions and saying, 'Guess what? It worked.'"

Fluhrer, Mantin and Shamir were part of the development team for the RC4 algorithm, said Eaton, and WECA's relationship with them is viewed as promoting scientific discovery in a cooperative manner.

But he did not have the same opinion of the efforts by Rice and AT&T.

"We've looked at their paper, and there is no new science here," he said. "It's not helpful at all."

Eaton says WECA is "aggressively" working to upgrade the security of its networks. But he added that the group has long urged users, especially those who have sensitive information to transmit, to fortify security with measures such as password protections, firewalls, or virtual private networks.

The vulnerability affects only devices with the 802.11 card installed, not the average laptop, cell phone or PDA (personal digital assistant).

"Basically this has to do with people who are in range of the radio, of the antenna and its access point, being able to pick up the traffic that's come to the wireless point and being able to decode it and read it," said Denny Arar, senior editor at PC World.

"So for now . . . people who deal with sensitive data would probably be advised to avoid them as much as possible, especially if they are in public places where people can come within range and grab that stuff in the ether,"

Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.


Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »