NEW YORK: A team of researchers reported security flaws in the corporate
standard for wireless computer networks and said the flaws would allow hackers
to break in and steal or modify data. The researchers said they had discovered
ways to eavesdrop on or even disrupt the networks, known as Wi-Fi or 802.11, by
overpowering a security system called Wired Equivalent Privacy. The findings
were published on the Web last week at http://www.isaac.cs.berkeley.edu.
While information transmitted over these networks is encrypted to prevent
unauthorized access, hackers can use modified Wi-Fi equipment to intercept and
decrypt the data, the group said. The researchers, two from the University of
California at Berkeley and one from the private security firm Zero-Knowledge
Systems, also said hackers could transmit potentially harmful data onto the
networks by tampering with others' Wi-Fi equipment.
More than 30 companies, including Cisco Systems Inc., Apple Computer Inc.,
and Compaq Computer Corp., make products for Wi-Fi networks. Wireless networks
allow users to move their computers anywhere in an office or another
establishment and remain connected to the Internet at high speeds. Wi-Fi is the
leading standard among corporate users.
Phil Belanger, chairman of a group that certifies Wi-Fi products and promotes
the standard, acknowledged the security gaps but said many of the holes can be
plugged with extra security tools used commonly by businesses to protect their
wired networks. "This is not end-to-end security," Belanger, who
represents the Wireless Ethernet Compatibility Alliance, said in an interview.
More than 10 million Wi-Fi products will be installed by the end of the year,
and 11 million new products are expected to ship to businesses in 2002, said
Gemma Paulo, a network equipment analyst with Cahners In-Stat Group.
Unlike wired networks, which have benefited from years of security research,
"wireless developments have been, really, in late 2000 and into 2001."
(C) Reuters Limited 2001.