Forty-one percent of businesses — and an even higher percentage of home users, say experts — still use WEP (Wired Equivalent Privacy), an outdated and vulnerable Wi-Fi security protocol. Trust us when we tell you the phrase: "if it ain't broke, don't fix it" is not the motto to live by when it comes to wireless-network security.
A WEP vulnerability was behind the biggest known US data breach, at retail giant TJX last year; hackers gained access to 94 million payment card numbers. But the latest proof-of-concept breach should be even more of a clarion call to trade in WEP for the superior WPA (Wi-Fi Protected Access).
An attacker using security researcher Vivek Ramachandran's "Cafe Latte" technique, as it's known, could break through WEP protection on a client machine — such as your laptop — in the time it takes to enjoy a cup of coffee.
Previously, hackers have focused on using WEP flaws to break into wireless networks, a process that involves driving to a hotspot and cracking the WEP key to gain direct access to the network. Ramachandran’s technique instead targets attached devices, tricking the WEP-enabled client into thinking that it is logging on to a familiar network.
The technique would give crooks the keys to any wireless network to which the laptop or device had access, including that of a hacked-laptop owner’s company.
"With the discovery of our attack, every employee of an organisation is the target of an attack," says Ramachandran.
So there you go. Upgrade your Wi-Fi to WPA, and do it today.