Computer Crime Research Center

Wireless hacking threat grows

(by Karen Dearne)

THE growing popularity of wireless technology is opening corporate networks to hackers as administrators face a trade-off between security and demand for easy access.

Companies are rolling out wireless networks because they are cheaper and more flexible than cable, but the nature of wireless and lack of strong encryption technologies means they are vulnerable to attack.

While warchalking - marking of pavements to indicate a wireless access point, or hotspot - was not yet common here, two types of people were taking note, VeriSign enterprise consultant Richard Miller said.

Some were looking for free wireless access to the internet. But others were seeking useful information on corporate networks they entered.

Pressure to provide wide-ranging access to users meant some wireless networks were operating in default mode - either deliberately or inadvertently.

Most wireless networks relied on wired equivalent privacy (WEP) - a flawed encryption standard that was being urgently upgraded, Mr Miller said.

"Unfortunately, wireless functionality is directly inverse to security," Mr Miller said. "That's why all vendors ship their products without security turned on.

"To join a network, all the machines on that network must have the same ID, so devices are shipped with default ID."

This universality allowed people to use any open network - like those systems broadcasting from city office blocks - and public access points in cafes and airport lounges, he said.

Many people didn't realise public access points only worked because there was no encryption - and any unencrypted transmission could be easily intercepted.

"Business executives who connect to the corporate network over an airport or cafe access point risk exposing their whole network," Mr Miller said.

"A hacker can be sitting nearby with a coffee and a laptop, pretending to be working, just soaking up the networks.

"You can certainly get enough information to identify networks belonging to companies that may be of particular interest to you."

Because of this vulnerability and with stronger encryption for 802.11 wireless systems still a couple of years away, virtual private networks were the only safe option for corporate use, Mr Miller said.

VPNs allow wireless devices to connect outside the corporate firewall.

Secure wireless
- Turn on encryption - No default passwords - Turn on MAC (media access control) address filtering


Home | What's New | Articles | Links
Library | Staff | Contact Us

Copyright Computer Crime Research Center 2001, 2002 All Rights Reserved.
Contact the CCRC Office at 380-612-735-907

Rambler's Top100 Rambler's Top100