All Wi-Fi security is not equal. New attack methods could enable hackers to access older networks in just a few minutes.
Most people follow the mantra that if it ain't broke, you shouldn't fix it.
But when it comes to security matters, sticking with the WEP technology found in older Wi-Fi routers could prove costly. WEP encryption has been superseded by a stronger, harder-to-crack wireless security standard known as WPA. If your router offers the choice of WEP or WPA, the latter is the one to go for.
Nevertheless, a significant two-fifths of businesses – and an even higher percentage of home users – still use WEP. The problem here isn't simply that someone can piggyback your wireless network, using your bandwidth to get online to check their email or download hefty files at no cost to themselves. A vulnerable network with insufficient encryption can be hacked and valuable data leeched from it.
In the US, the biggest known data breach of 2006 enabled hackers to gain access to 94 million bank card numbers. Hackers were able to acquire these having hacked the wireless network of retailer TJX – a network secured using WEP.
But the latest proof-of-concept breach demonstrates even more clearly why it's time to trade in WEP for stronger WPA encryption – or the updated version, WPA2.
Security researcher Vivek Ramachandran has developed what's known as the Caffè Latte technique – so-called because the hack enables the attacker to break through WEP protection on a client machine such as a laptop in the time it takes the unsuspecting owner to drink a cup of coffee.
In the past, hackers have focused on using WEP flaws to break into wireless networks. This process involves driving to a hotspot and cracking the WEP key to gain direct access to the network. Ramachandran's technique instead targets attached devices, tricking the WEP-enabled client into thinking that it's logging on to a familiar network.
The technique could give crooks the keys to any wireless network to which the laptop or device had access, including that of a hacked laptop owner's company.
"With the discovery of our attack, every employee of an organisation is the target of an attack," says Ramachandran.
NEXT PAGE: how to defeat such attacks > >