Software engineers have developed a fix to prevent hackers probing for weaknesses in wireless networks and gaining unauthorised access.
A major problem with the encryption used to protect the most-widely used wireless network standard, called 802.11, was discovered by researchers at the Weizmann Institute in Israel and US networking company Cisco in August 2001.
They found that, by tapping into a small amount of encoded wireless network traffic, an eavesdropper could determine patterns in the encryption used to control access. This could allow them to determine the passwords that provide access to the network.
Other programmers quickly developed tools that make use of the hole to break automatically into wireless networks and tests have shown that many networks are vulnerable to the approach.
Advertisement
Second guessing
The trouble stems from a flaw in the Key Scheduling Algorithm that is part of the WEP (Wired Equivalent Privacy) standard. This algorithm generates the different keys used to encrypt each packet of data sent across the network – but the algorithm was found to be too predictable.
To solve the problem, US security companies RSA and Hifn have developed a replacement for the Key Scheduling Algorithm called Fast Packet Keying. This generates each packet key in a less predictable manner, preventing eavesdroppers from unlocking a wireless network.
UK computer security consultant Matt Bevan says that the new system is “a lot more secure” than the existing standard but also says that it has yet to undergo widespread public scrutiny. He adds that the onus will be on system administrators to implement the new technology as standard.
The original 802.11 standard was developed by the Institute of Electrical and Electronics Engineers and the new modifications have been accepted by them for inclusion into a revised standard. The new protection can be applied by wireless network administrators in a software patch, according to RSA.
