Wi-Fi Security - Don't Think Out of the Box

By Stephanie Losi, Wireless.NewsFactor.com

The increasingly popular Wi-Fi (aka 802.11b) wireless networking standard took a harsh blow earlier this month, when a report by cryptography experts pinpointed a critical flaw in the standard's WEP (wired equivalent privacy) security protocol.

Attackers could exploit this flaw to gain access to an entire WLAN (wireless local area network) in a short period of time, according to the experts. To make matters worse, the exploit was passive: Attackers could glean data by eavesdropping on network traffic, making them virtually undetectable.

But that report was based on theoretical research, and would-be wireless crackers needed a certain level of know-how to attempt an attack. Those good ol' days ended last week with the release of AirSnort, a program that automates the attack process so anyone with a Linux box and a wireless networking card with a Prism2 chipset can download the program and exploit WEP's weakness.

"Just like many years ago the SATAN tool was released on the Internet that let unsophisticated hackers break into wired computers, Snort is a similar tool for the wireless world," Gartner research director for network security John Pescatore told Wireless NewsFactor.

SATAN (Security Administrator Tool for Analyzing Networks), released in 1995 by Wietse Venema and Dan Farmer, caused an uproar because it allowed network administrators (and intruders) to scan wired networks for vulnerabilities.

Out Here in the Fields

One might wonder about the rationale behind releasing such a program to the public -- but in an FAQ (frequently asked questions) document, AirSnort creators Blake Hegerle and Jeremy Bruestle of Internet services firm Cypher42 wrote: "We felt that the only proper thing to do was to release the project. It is not obvious to the layman or the average administrator how vulnerable 802.11b is to attack. Yes, AirSnort can be used as a cracking tool, but it can also be used to settle arguments over the safety of WEP."

In addition, according to the FAQ, "The only sane assumption to make is that a malicious hacker would have developed a tool like this. While we are troubled by the fact that script kiddies can get their hands on this tool, we still figure that the benefits of full disclosure outweigh the risks. If you disagree, it's just an academic debate, since we cannot withdraw this program."

Attack Time Varies

The time it takes to decipher the secret key to a WLAN varies according to the amount of traffic on the network. AirSnort programmer Hegerle told Wireless NewsFactor that an attack program developed by AT&T researchers -- but not released to the public -- reportedly could recover keys faster.

"AirSnort has, for us, only operated effectively after 10 million packets," Hegerle said. "Stubblefield, et al., [at AT&T] have reported that it took them 5 to 6 million packets. We have yet to try it against a real network; all of our estimates come from information gleaned from our (very small) wireless test network.

"If the AT&T paper turns out to be true against real networks, it would only take about an afternoon. The only thing that is certain is that the attack time is dependent on the network being attacked," Hegerle added.

Long-Term Benefits

AirSnort's release obviously deals major damage to 802.11b WLAN security in the short term, but it may have more positive effects for wireless security -- althoug