Commentary: Group discovers wireless security hole
A newly discovered security flaw illustrates the trend toward increasing vulnerabilities as companies rush wireless products to market.
By John Pescatore, Gartner Analyst A newly discovered security flaw illustrates the trend
toward increasing vulnerabilities as companies rush wireless products to
market.
 | |||
|
| | |
| |||
On Feb. 2, a group of computer scientists associated with the University of California at Berkeley announced that they had discovered a flaw in the 802.11b Wired Equivalent Privacy (WEP) protocol that enables notebooks to connect wirelessly to LANs. The flaw could allow hackers to intercept the transmission of data to and from the notebook, to read the contents and to modify them without detection.
Gartner has predicted that vulnerabilities such as the one in WEP will become even more prevalent as companies take shortcuts to build encryption and authentication into wireless devices that have limited processor and memory capabilities. Complex protocol stacks, weak encryption, shared keys, user confusion, and bandwidth and device restrictions encourage makers to take shortcuts with emerging mobile devices and services.
The first generation of any technology is inherently insecure. Until researchers and hackers have scrutinized a technology and attacked implementations, any software will inevitably contain serious security vulnerabilities. This situation should not panic people but lead them to take sensible precautions.
The attacks against wireless 802.11 networks require close physical proximity to the network, but the flaws in the current implementation would enable a relatively unsophisticated attacker to intercept and tamper with LAN traffic while sitting in the parking lot outside of a building. Enterprises using laptops with 802.11 wireless interfaces should use virtual private network (VPN) client software on the laptop to encrypt communications over the wireless interface and use VPN servers in conjunction with the wireless gateway.
WEP implementations that correct the flaws discovered by the Berkeley group will likely not be available until at least the first quarter of 2002.
(For related commentary on wireless LAN technology, see TechRepublic.com--free registration required.)
Entire contents, Copyright ? 2001 Gartner Group, Inc. All rights reserved. The information contained herein represents Gartner's initial commentary and analysis and has been obtained from sources believed to be reliable. Positions taken are subject to change as more information becomes available and further analysis is undertaken. Gartner disclaims all warranties as to the accuracy, completeness or adequacy of the information. Gartner shall have no liability for errors, omissions or inadequacies in the information contained herein or for interpretations thereof.