We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

Wireless LANs face security risks

Encryption algorithm insecure on wireless networks

A security weakness in the encryption standard used within IEEE 802.11b-based wireless LANs (local area networks) has been uncovered.

Three cryptographers in the US have described a practical way of attacking the key scheduling algorithm of the RC4 cipher, in a paper entitled (somewhat unimaginatively) Weaknesses in the key scheduling algorithm of RC4. The RC4 cipher forms the basis of the WEP (Wired Equivalent Privacy) encryption that is used in IEEE 802.11b (also known as WiFi) wireless networks.

The paper's authors discovered several ways to uncover patterns in packets of information passing over wireless LANs. These patterns can be used to figure out the WEP encryption 'key' and the number used to scramble the data being transmitted. Once the key is recovered, it can be used to decrypt the messages.

The authors say using a longer key, one of 128 bits compared to the current WEP standard of 40 bits, does not make it significantly harder for attackers to uncover the process.

"Even with WEP, the hacker world has come up with programs to unscramble the codes and decipher all the packets," agreed Raymond Poon, associate director of computing services at City U, Hong Kong's City University. "Unless there's a better design for WEP algorithms, we'll have to wait for something more mature to evolve that will have everything enabled." City U uses wireless LANs extensively.

According to university officials, finding an encryption code that has not yet been hacked continues to be a dilemma.

Security experts said that although wireless LAN encryption is based on a pre-shared secret key, anyone with the same key can eavesdrop. Yet it does not necessarily mean that all deployments of wireless LANs will be affected by the WEP security hole.

This may seem only of specialist interest, but more and more places are being 'wirelessed up', such as business class lounges in airports and other public places.

IDG UK Sites

Acer Aspire R11 review: Hands-on with the 360 laptop and tablet convertible

IDG UK Sites

Apple Watch release day: Twitter reacts

IDG UK Sites

See how Framestore created a shape-shifting, oil and metal based creature for Shell

IDG UK Sites

Apple Watch buying guide, price list & where to buy today: Which Apple Watch model, size, material,?......