The group found holes in the Wired Equivalent Privacy algorithm, or WEP, a security measure used by the wireless networks that let people surf the Internet while wandering around their homes or offices, without being tethered by cables. Such networks use radio antennas to transmit content between a remote port and a computer or other wireless device.
The researchers reported discovering that hackers could eavesdrop on transmissions, interject messages, alter the network, and build systems that would enable them to glean passwords.
Though Apple led the adoption of the technology with its AirPort system, it's now available for PCs--and gaining popularity as more people go wireless. Toshiba is installing the system on its top-of-the-line laptops, and Starbucks is putting it in its coffeehouses. Even American Airlines' Admiral's Club is offering it to executives passing through major airports.
The UC Berkeley scientists urge people using such systems, which run on a standard known as 802.11, to adopt stronger security measures to prevent such exploits.
"The products possess all the necessary monitoring capabilities, and all that remains for attackers is to convince it to work for them," the researchers wrote.
Nikita Borisov, a Berkeley graduate student on the team that discovered the problem, said people who use WEP should also use a VPN (virtual private network) or additional encryption software to prevent others from snooping while they surf.
"My fear is that because the hardware that you buy now says it has encryption included, people will think their data is secure," Borisov said.
He said someone with a strong antenna could tap into a network from as far away as a mile if there's no interference.
The research group, which includes Borisov, Berkeley professor David Wagner and recent graduate Ian Goldberg, also criticized the creators of WEP, saying they failed to include cryptographers during the development process.
"Had this been done, the problems stated here would have surely been avoided," their report said.
Security experts called the discovery a major vulnerability but said it would be difficult to exploit. For one, hackers would have to be physically near or inside the premises where the network they wanted to crack was located.
"This is not anything someone is going to do from around the world with an Internet connection," said David Perry, public education director of security firm Trend Micro.
The cracker also would need to run complicated software and work on a machine that's 802.11-compatible.
The Berkeley researchers warned that it's possible for someone to create scripts that would allow people without much technical knowledge to exploit the holes.
Perry said the discovery will probably force companies to beef up their physical security to ensure no one gets close enough to their networks to break in. It will also alert companies to the possibility that wireless networks can make industrial espionage easier.
"I would think twice about powering up my laptop in the Admiral's Club at the San Jose Airport," he said.
At the least, the discovery highlights the vulnerability of wireless networks, which are sure to grow along with the widespread adoption of Web-enabled devices including cell phones, watches and PDAs (personal digital assistants).
"It's going to be possible in the future for malicious code exploits to take advantage of the fact that a guy walking down the street is broadcasting from seven different devices," Perry said.