-- Eugen* Leitl <a href="http://www.lrz.de/~ui22204/">leitl</a>
______________________________________________________________
ICBMTO : N48 10'07'' E011 33'53'' http://www.lrz.de/~ui22204
57F9CFD3: ED90 0433 EB74 E4A9 537F CFF5 86E7 629B 57F9 CFD3

---------- Forwarded message ----------
Date: Wed, 22 Aug 2001 05:04:54 -0700
From: David Farber <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: IP: Wired: Wireless Networks in Big Trouble

>Date: Tue, 21 Aug 2001 00:41:11 -0700
>From: "Robert J. Berger" <[EMAIL PROTECTED]>
>Organization: UltraDevices Inc.
>
>Wireless Networks in Big Trouble
>By Michelle Delio
>http://www.wired.com/news/wireless/0,1382,46187,00.html
>2:20 p.m. Aug. 20, 2001 PDT
>
>Wireless networks are a little less secure today with the public
>release of "AirSnort," (http://airsnort.sourceforge.net/)
>a tool that can surreptitiously grab and analyze data moving across
>just about every major wireless network.
>
>When enough information has been captured, AirSnort can then piece
>together the system's master password.
>
>In other words, hackers and/or eavesdroppers using AirSnort can just
>grab what they want from a company's database wirelessly, out of thin
>air.
>
>AirSnort's abilities aren't groundbreaking -- security experts know
>all too well that wireless networks can be easily accessed and
>monitored by outsiders. But a fully featured tool to facilitate
>password-grabs wasn't readily available until this past weekend, when
>AirSnort was released on the Internet.
>
>"AirSnort certainly ups the ante in the sense that with this tool,
>your 'encrypted wireless net' can be quickly and easily breached,"
>said Randy Sandone of Argus, a security company.
>
>"Once AirSnort breaks the encryption, you're basically hosed. A
>malicious hacker can read any packet traveling over the network,
>gather information, passwords -- you name it."
>
>Wireless networks transmit information over public airwaves, the same
>medium used by television, radio and cell phones. The networks are
>supposed to be protected by a built-in security feature, the Wired
>Equivalent Privacy system (WEP) -- also known as the 802.11b standard
>-- which encrypts data as it is transmitted.
>
>But WEP/802.11b has proved to be quite crackable. And that's exactly
>why AirSnort was publicly released, said AirSnort programmers Jeremy
>Bruestle and Blake Hegerle. They hope that AirSnort will prove once
>and for all that wireless networks protected only by WEP are not
>secure.
>
>"Yes, AirSnort can be used as a cracking tool, but it can also be used
>as a really big stick in an argument over the safety of WEP," Hegerle
>said.
>
>"We felt that the only proper thing to do was to release the project,"
>Bruestle said. "It is not obvious to the layman or the average
>administrator how vulnerable 802.11b is to attack. It's too easy to
>trust WEP. Honestly, there is a lot of work involved in hardening a
>wireless network. It's easy to be complacent. AirSnort is all about
>opening people's eyes."
>
>Added Sandone: "Perhaps its release will prompt wireless vendors to
>significantly enhance the encryption of their products. And hopefully
>users will come to understand that encryption (regardless of how it is
>used) is not a panacea."
>
>"Some people overhype the power of encryption, and others put too much
>faith in its 'mathematical precision.' It clearly has its value, but
>it shouldn't be the only security mechanism in use."
>
>"Weaknesses in the Key Scheduling Algorithm of RC4," a recently
>published paper by Scott Fluhrer, Itsik Mantin and Adi Shamir,
>outlined a way to learn the master key to the WEP encryption system,
>which would allow an intruder to pose as a legitimate user of the
>network.
>
>Adam Stubblefield, a Rice University undergraduate who was working as
>a summer intern at AT&T Labs, tested that exploit (with the permission
>of the network's administrator) and was able to pull up the network's
>master password in just under two hours.
>
>Stubblefield published his research on the Internet, but did not
>release the program he used to access AT&T's wireless network.
>
>If the software that he wrote to grab passwords were published,
>Stubblefield told a reporter from The New York Times, anyone with a
>basic knowledge of computers and a wireless network card could easily
>crack many wireless networks.
>
>"Basically I read the paper and wondered if the attack would actually
>work in the real world, and how hard it would be to implement,"
>Bruestle said. "I am the CEO of a small security firm, Cypher42, and I
>wanted to know just how difficult or easy it would be to implement the
>attack, so we could properly advise clients on 802.11b security."
>
>Another tool, WEPcrack, was released on the Internet around the same
>time as AirSnort, but WEPcrack is still considered an alpha release, a
>work in progress.
>
>Bruestle and Hegerle's AirSnort is a beta release, a designation that
>indicates a program is not quite ready for primetime, but is further
>along feature and stability-wise than alpha.
>
>Bruestle said he and Hegerle had a basic working version of AirSnort
>after less than 24 hours of programming time.
>
>Bruestle said he has received many e-mails about AirSnort, some in
>favor of the public release of the tool, others accusing him of adding
>to the malicious hackers' arsenal.
>
>"Many of the people who have e-mailed me about AirSnort are sysadmins
>who thanked me for giving them a way to convince management that WEP
>really is insecure," Bruestle said. "Of course, I have gotten a number
>of flame mails too, comparing the release of AirSnort to 'giving guns
>to children.' I understand the viewpoint of those who believe
>dangerous information should be hidden, but I disagree."
>
>Hegerle and Bruestle said that they believe that many people did not
>understand the academic nature of Fluhrer, Mantin and Shamir's paper,
>and may not understand how vulnerable wireless systems are.
>
>"It was beyond even my humble attempts to understand (the paper's)
>full depths," Bruestle said. "The implications of a tool like AirSnort
>are much harder to deny than the paper it was based on."
>
>AirSnort uses a completely passive attack: An AirSnort user needs only
>a Linux-operated computer with a wireless network card, and access to
>whatever wireless network he or she wishes to crack.
>
>Many wireless networks allow amazingly easy access to unauthorized
>users, as some have discovered when their laptops suddenly connect to
>the Internet when they are in or near a building that has a wireless
>network.
>
>"I've been able to connect to networks when standing outside of
>businesses, hospitals or Internet cafés that offer the service," said
>Mark Denon, a freelance technology writer.
>
>"You can jump in and use the network to send e-mail or surf the Net,
>and often it's quite possible to access whatever information is moving
>across the network. It's very easy to piggyback onto many wireless
>networks, and some people make a game of driving or walking around a
>city and seeing how many networks they can jump into."
>
>"A wireless card in the machine that's running AirSnort does not send
>out any data or actually talk with any of the other machines on the
>network," said Hegerle. "It simply listens to all the other traffic,
>so it doesn't matter if the network allows unauthorized access, as
>none of the other machines on the network will even know anyone is
>listening," said Hegerle.
>
>The amount of time required to piece together a password with AirSnort
>depends on a number of factors, Bruestle said, but mostly depends on
>the amount of network traffic and "luck."
>
>"On a highly saturated network, AirSnort can usually collect enough
>packets to guess the key in three or four hours. If the network is
>very low traffic, it can take days to get enough data," Bruestle
>said. "Since the attack is based on probability, the actual number of
>packets required to guess a given key varies from key to key,
>sometimes significantly."
>
>AirSnort monitoring does not have to be all done in one session,
>though. "Five hours one day and five the next works out to be about
>the same as 10 hours in a row," Bruestle said.
>
>Systems administrators have mixed reactions over the release of
>AirSnort.
>
>"Granted, this program will hammer the truth into people's heads about
>the insecure nature of any wireless network protected only by WEP,"
>said Gerry Kaufman, a medical network and systems consultant. "But
>releasing this tool also allows a lot of people access to networks who
>couldn't have cracked them before. I'm really torn between advocating
>open access to information, and keeping tools like AirSnort out of the
>hands of kids with too much free time on their hands."
>
>Kaufman said the "only good thing" that could come from AirSnort's
>release is its use for proving to "those who approve the expenditures"
>that wireless networks need stronger protection.
>
>Hegerle and Bruestle suggest that wireless network users look into
>other end-to-end forms of encryption, such as Virtual Private Networks
>(VPNs) to protect data going over wireless networks.
>
>"While this requires more work, the false sense of security WEP offers
>is worse than no security at all," Bruestle said.
>
>"Quite simply, I won't be happy until there are no people trusting
>their data to WEP as it now exists," Hegerle said. "There are several
>possible ways to change WEP, and I would like to see a new dialog
>begin, one that looks for a replacement to the badly designed WEP we
>are now stuck with."
>
>Under development are new versions of WEP/802.11b that will include
>stronger security features. But the new standards won't be released
>until mid-2002 at the earliest.
>
>--
>Robert J. Berger
>UltraDevices, Inc.
>257 Castro Street, Suite 223 Mt. View CA. 94041
>Voice: 408-882-4755 Fax: 408-490-2868
>Email: [EMAIL PROTECTED] http://www.ultradevices.com

For archives see: http://www.interesting-people.org/
