Intern proves WLAN encryption protocol vulnerable
EE Times: Intern proves WLAN encryption protocol vulnerable. Stubblefield, working as an intern at AT&T Labs with AT&T research staff members John Ioannidis and Aviel Rubin, used the $100 Prism II-based Linksys PC card and a Linux driver that could capture encrypted WEP packets to perform the attack.
Links:
- The attack, described in a recent paper by Fluhrer, Mantin & Shamir , is the most deadly to date on the embattled protocol, allowing for the rapid retrieval of the network key through passive means — regardless of the key bit length.
- A copy of Stubblefield’s report can be found online through the Rice University Web site.
Quote from Stubblefield’s report:
Given this attack, we believe that 802.11 networks should be viewed as insecure.
We recommend the following for people using such wireless networks.
- Assume that the link layer offers no security.
- Use higher-level security mechanisms such as IPsec [3] and SSH [8] for
security, instead of relying on WEP.- Treat all systems that are connected via 802.11 as external. Place all access
points outside the firewall.- Assume that anyone within physical range can communicate on the network
as a valid user. Keep in mind that an adversary may utilize a sophisticated
antenna with much longer range than found on a typical 802.11 PC card.
[via Tomalak’s Realm]
