[ISN] Flaw in Popular Wireless Standard

From: InfoSec News (isnC4I.ORG)
Date: Wed Apr 04 2001 - 01:27:24 CDT


http://www.nytimes.com/2001/04/03/business/03FLAW.html

By JOHN MARKOFF
April 3, 2001

SAN FRANCISCO, April 2 - New computer security flaws have been
discovered in a popular wireless local area networking standard
increasingly used by both corporations and consumers.

The flaws could make it possible for an intruder who is physically
close to a wireless computer network to masquerade as a legitimate
user in a supposedly private network.

The issue is a crucial one, computer security experts said, because
wireless computing networks are rapidly being deployed in corporate
offices, potentially giving access to corporate networks that have in
the past been physically protected by lock and key.

The new research comes on the heels of a report last year by an Intel
Corporation researcher, followed by similar research done earlier this
year by computer scientists at the University of California at
Berkeley, both describing weaknesses in the data-scrambling technique
used in the wireless standard known as 802.11B.

Those earlier reports had already sent the industry on a search for
new ways to protect the wireless data systems, which have gained
increasing popularity on corporate and academic campuses, in airports
and coffee houses and in inexpensive and convenient home networks.

Now the new report, by a group of three researchers at the University
of Maryland led by the computer scientist William A. Arbaugh, suggests
that simple fixes to the protocol may be more difficult to achieve
than had been thought.

In a draft of a paper titled "Your 802.11 Wireless Network Has No
Clothes," the researchers describe how the access control systems that
are designed to protect wireless networks against hostile users can,
in fact, be easily deceived.

The researchers said that in many cases wireless networks were being
incorrectly configured so that the wireless access point is actually
inside a corporate or home user's firewall (the device that protects a
network from attack from those outside), leaving the network and its
resources vulnerable.

"We're seeing a great proliferation of wireless activity now in
products, and people have not paid close enough attention to the
security issues," Mr. Arbaugh said. "When we began looking at this I
was flabbergasted by what I found."

The 802.11 wireless standard, which permits laptop and desktop
computers to share data at office networking speeds over distances of
several hundred feet, was first popularized by Apple Computer two
years ago in its Airport product.

Since then, many other computer manufacturers have rushed to add
wireless features to their products. In March, Intel dropped its
commitment to a competing standard known as HomeRF and threw its
weight behind the 802.11 standard.

In the last six months a number of new companies have begun deploying
wireless networks in public areas like airports, cafes and even
ballparks. In the San Francisco Bay area, Airwave, a company based in
Palo Alto, Calif., has established dozens of networks in public
places. The company permits use of the networks on either a
subscription plan or a pay-as-you-go arrangement.

Computer security experts said, however, that the 802.11 wireless
security standard, known as wired equivalent privacy, might expose
corporate data in ways that little thought is being given to.

"I think this is an enormous concern," said Arion Lawrence, principal
consultant at Predictive Systems, a Reston, Va., network consulting
firm. "We're now hearing stories of people driving down the street in
places like San Francisco and peeking into computer networks in
corporate offices."

In a report issued last October, Jesse R. Walker, a researcher at
Intel, reported that the encryption approach used by the privacy
standard was badly flawed and that no matter how long an encryption
key is used, the encryption can easily be broken.

Mr. Walker, now a member of a special industry task force that has
been working to fix the security flaws in the 802.11 standard, said
that the group was aware of both the access and encryption flaws and
had begun circulating a draft revision of the standard.

But he added that he believed it might take as long as a year before
products that are secure are commercially available. In some cases, he
said, wireless users may have to replace their systems entirely to
repair the security flaws.

"Some of these boxes are designed to be cheap and low powered, and so
silicon has been custom made to do only one thing," Mr. Walker said.

The University of Maryland researchers discovered that access control
in the 802.11 standard can easily be circumvented by someone who
"sniffs" or eavesdrops on a wireless network to get the address of a
legitimate network card inside and then forges that address onto one
of his own.

They also said that they had looked at several systems developed by
private vendors that were designed to enhance the security of the
802.11 system but found that the augmentations actually undercut
security in some cases.

"This is a question of sloppiness," said Mr. Arbaugh, who said he was
shocked at the design flaws when he began exploring various commercial
applications of the 802.11 standard. "Usually security flaws are
subtle, but these just jumped out at us."

Currently at least one manufacturer, the Lucent Corporation, sells two
different models of wireless network cards and charges a higher price
for the version that encrypts data using a longer 128-bit key.

An industry committee has held several meetings to design a new
security setup for the wireless standard, but no fix has yet been
agreed upon.
