We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

Wireless LANs face security risks

Encryption algorithm insecure on wireless networks

A security weakness in the encryption standard used within IEEE 802.11b-based wireless LANs (local area networks) has been uncovered.

Three cryptographers in the US have described a practical way of attacking the key scheduling algorithm of the RC4 cipher, in a paper entitled (somewhat unimaginatively) Weaknesses in the key scheduling algorithm of RC4. The RC4 cipher forms the basis of the WEP (Wired Equivalent Privacy) encryption that is used in IEEE 802.11b (also known as WiFi) wireless networks.

The paper's authors discovered several ways to uncover patterns in packets of information passing over wireless LANs. These patterns can be used to figure out the WEP encryption 'key' and the number used to scramble the data being transmitted. Once the key is recovered, it can be used to decrypt the messages.

The authors say using a longer key, one of 128 bits compared to the current WEP standard of 40 bits, does not make it significantly harder for attackers to uncover the process.

"Even with WEP, the hacker world has come up with programs to unscramble the codes and decipher all the packets," agreed Raymond Poon, associate director of computing services at City U, Hong Kong's City University. "Unless there's a better design for WEP algorithms, we'll have to wait for something more mature to evolve that will have everything enabled." City U uses wireless LANs extensively.

According to university officials, finding an encryption code that has not yet been hacked continues to be a dilemma.

Security experts said that although wireless LAN encryption is based on a pre-shared secret key, anyone with the same key can eavesdrop. Yet it does not necessarily mean that all deployments of wireless LANs will be affected by the WEP security hole.

This may seem only of specialist interest, but more and more places are being 'wirelessed up', such as business class lounges in airports and other public places.

IDG UK Sites

Best camera phone of 2015: iPhone 6 Plus vs LG G4 vs Galaxy S6 vs One M9 vs Nexus 6

IDG UK Sites

In defence of BlackBerrys

IDG UK Sites

Why we should reserve judgement on Apple ditching Helvetica in OS X/iOS for the Apple Watch's San...

IDG UK Sites

Retina 3.3GHz iMac 27in preview: Apple cuts £400 of price of Retina iMac with new model