Research team, including 2 members from U. of Cal., Berkeley, ide...

on wired equivalent privacy (WEP) algorithm used in 802.11-based wireless local area networks (LANs). Research cited areas in which it said such LANS were susceptible to security breaches, including attacks to “inject new traffic from unauthorized mobile stations” and to decrypt traffic. WEP is used to bar unauthorized access from using “secret” key shared between mobile station such as laptop and access point such as base station, paper said. Key encrypts packetized data before it’s transmitted. “More sophisticated key management techniques can be used to help defend from the attacks we describe; however, no commercial system we are aware of has mechanisms to support such techniques,” paper said. It said that while decoding 2.4 GHz digital signal is difficult, hardware to listen to those transmissions could be obtained from 802.11 consumer products. “The products possess all the necessary monitoring capabilities and all that remains for attackers is to convince it to work for them,” paper said. Phil Belanger, chmn. of Wireless Ethernet Compatibility Alliance (WEPA) , said “this is not new news.” IEEE 802.11 group has been working on issues such as enhancing medium access protocol for 802.11 systems, including security and quality of service, he said. Vendors also have been working on firmware upgrades and retrofits for existing products, which would be similar to how software users can obtain “patch,” Belanger said. Point that paper missed, he said, is that WEPA has goal of making wireless LAN security mechanism as secure as wired networks. Typical scenario for business user, however, would be end-to-end security solution such as virtual private network that adds another layer of security on top of those systems, he said.