BBC NEWS Americas Africa Europe Middle East South Asia Asia Pacific Arabic Spanish Russian Chinese Welsh

 You are in: Sci/Tech
Front Page 
UK Politics 
Talking Point 
In Depth 

Commonwealth Games 2002

BBC Sport

BBC Weather

Friday, 28 December, 2001, 09:00 GMT
Security overhaul for wireless networks
Padlock securing factory gates, BBC
Experts are looking for better ways to lock data up
The security of wireless networks is getting a make-over in an attempt to secure them from drive-by hacking attacks.

Respected security firm RSA has found a way to improve the notoriously weak encryption system used by wireless networks.

However, some experts fear that the fix comes too late to save the reputation of wireless networks and the only way to protect them is to use other security systems.

Others say the RSA-improved security will not help all wireless network users as many are still not taking the most basic steps to protect themselves.

Secure packets

Of late, wireless, or Wifi, networks have become very popular because they are cheap and easy to set up, and remove the need for lots of unsightly, expensive cables.

The damage has already been done as far as Wep is concerned

Bob Brace, Nokia
However, the method Wifi networks use to scramble data, known as Wireless Equivalent Privacy (Wep), has been comprehensively defeated by both security professionals and hackers.

The vulnerabilities have led some hacker groups to engage in "war-driving" expeditions which map wireless networks and show which ones are open to attack.

To improve Wep, RSA has developed "Fast Packet Keying" which gives each packet of data its own encryption key. Anyone gathering data from such a network would have a much harder job breaking into the packets of information.

RSA pointed out that the fault with Wep did not lie with the RSA-authored RC4 algorithm it used to encrypt data.

Instead, it lay with the way that the computers were sharing a wireless network and the hub shuffling data around all of them.

Wep provided too little protection for the way that hubs and the connected computers decided on how to encrypt data packets travelling through the air.

Security experts found that by capturing packets they could gradually work out the encryption key being used to scramble the data passing across the network.

With enough information, a determined malicious hacker could find the key to descramble all the data passing across a network.

Protection problems

But some experts fear that the system developed by RSA will not do enough.

"The damage has already been done as far as Wep is concerned," said Bob Brace, from Nokia's internet communications division which develops security systems to protect voice and data networks. "Users see it as a weak security system."

London city at night, BBC
Many wireless networks in the City of London are vulnerable
Other security experts fear that a beefed up encryption system will do little to protect wireless network users.

Ian Peacock, a consultant at net security firm Defcom, said often many companies failed to even turn on the Wep encryption system when they installed a wireless network.

He said security audits by Defcom of wireless networks used by its clients showed that some failed to take even the most basic precautions.

"The number of networks around the City [of London] that do not have Wep enabled is scary," he said. "Those that set up and use the latest technology often do not appreciate that there are emergent security issues."

Mr Peacock said the ease with which wireless networks could be set up fooled many people into thinking their new network was secure.

However, he said, the start-up settings of many wireless networks meant they were vulnerable to attack.

Despite the shortcomings there is a lot that users can do to protect themselves.

"There's a shortlist of at least 20 things you can change to make wireless networks more secure," he said.

At the very least, anyone using a wireless network should change default IDs, turn on Wep, place the network behind its own firewall and use extra levels of encryption to secure traffic passing across it and into other corporate networks.

See also:

06 Nov 01 | Sci/Tech
Wireless networks wide open
17 Oct 01 | Sci/Tech
Hackers take to the air
26 Jan 01 | Sci/Tech
Toasting the crackers
25 Aug 00 | Sci/Tech
Hacking risk for broadband internet
22 May 01 | Sci/Tech
Cheese beats crackers
Internet links:

The BBC is not responsible for the content of external internet sites

Links to more Sci/Tech stories are at the foot of the page.

E-mail this story to a friend

Links to more Sci/Tech stories