Wi-fi security system is 'broken'

More holes have been picked in the security measure designed to protect the privacy and data of wi-fi users.

The latest attack lets criminals defeat firewalls and spy on where someone goes and what they do online.

It comes after a series of other attacks that, experts say, have left the basic protection in wi-fi comprehensively "broken".

But compatibility issues mean that many will have no alternative but to use the much weakened protection system.

The basic security measure in the technical specification for wireless networks, 802.11, is known as Wired Equivalent Privacy.

WEP encrypts data flying back and forth between a computer and an access point to stop people spotting and stealing confidential information.

It does this using an encryption key but numerous attacks have shown how easy it is to get hold of this key and unlock access to the wi-fi network or your data.

"WEP as a security measure is so broken that your (and everyone else's) kid sister can easily circumvent it," said computer security researcher Ralf-Philipp Weinmann, co-author of the aircrack-ptw tool that can crack WEP in minutes.

Anyone caring about their privacy, said Mr Weinmann, should not use WEP to stop others using their wi-fi hotspot.

Mr Weinmann and his colleagues unveiled aircrack in early 2007 but prior to that three other research teams, in 2001, 2004 and 2005 showed how to circumvent WEP.

The latest attack, created by Vivek Ramachandran of AirTight Networks, tricks a computer into thinking it is logged on to a wi-fi network it trusts. It exploits the basic hand-shaking system in wi-fi to get hold of lots of data it can analyse to crack a key.

While the chance that someone will piggyback on your wi-fi network is low, there have been cases in the UK where this has happened.

rest of the story is here http://news.bbc.co.uk/1/hi/technology/7052223.stm

so you use wpa or wep? is it anything for people to worry about? i mean i live in the quietest cul de sac in the country and i doubt anyone is going to bother hacking my wireless connection...

[kmount]

I use WPA2-PSK but sadly, the brother in law's PSP won't support it, thus i've had to go down to WPA.

I don't know of anybody who uses WEP anymore because its nothing new about being able to get past it, but there are some cards which don't yet support WPA so they are in a sticky position.

I doubt anyone would want to hack your connection but its a similar argument to not locking your back door, even though you live in a quiet area..

Good link though.

[acidtechno]

Yeah, I read this too the other day on BBC, part if it is old news really like Chaz says that WEP is no longer trustworthy to use as wireless network protection anymore.

I use WPA-PSK with my linksys stuff so I've not had to worry about the risk of WEP but ha, like luvvbuzz, I too live in a quiet cul de sac in a village where it's not very likely I'm going to be hacked, the majority are OAPs around here.

If you're a hacker, you really have to know what you're doing, even if you use WEP you're pretty safe because some form of protection is better than none at all and the likelyhood of living near some geek/criminal hacker with too much time on their hands is probably low.

I'd suggest if you live in a city or busy built up area with a high population especially if you think any local residents are *dodgy* it's a good idea to get hardware that supports at least WPA or just go wired for added peace of mind.

[aubs]

Well I don't use any encryption!! but there is an ethernet cable running up the outside wall of the house.