Wireless networks a 'hacker's playground'

Faulty protocols leave doors wide open to attack.

Written by James Middleton

vnunet.com, 19 Jul 2001

Wireless networks are set to become a "hacker's playground", security experts have warned.

Kenneth De Spiegeleire, consulting manager at security group ISS, said that simply taking a drive through a city centre armed with a wireless detection tool would flag up dozens of networks, and the chances are that most of them won't be watertight.

De Spiegeleire said that the encryption used in wireless protocols suffers from inherent flaws and that malicious attack techniques, such as denial of service, are much easier to carry out on wireless networks.

Although the tools to do the damage aren't yet readily available, once wireless standards emerge and the technology becomes more widespread, wireless hacking has the potential to become as prevalent as it is on wired networks today.

"Although the same rules apply as with securing a wired network, wireless introduces new twists and, because it's a new technology, security is forgotten about. There really isn't any hard and fast way of hardening a wireless network yet," said De Spiegeleire.

The most likely candidate for wireless networking in the enterprise is the IEEE 802.11 standard, with Bluetooth consigned to a more consumer oriented market. And despite the temptation of low cost, easy deployment, the downside is a whole new security headache.

Bolting a wireless network onto your existing local area network (Lan) introduces an untried and untested entry point to your company that may allow intruders to virtually walk straight in, even while they're standing outside your office apparently checking their calendar on their PDA.

"Wireless access points are an untrusted network gateway, and should be treated as such," said De Spiegeleire. "The implementation of security in wireless technology is very bad. The vendors haven't thought about encryption and security and, if wireless goes the same way as IP did security-wise, we'll have our work cut out for us."

But the convenience pros may outweigh the security cons, according to Gartner Group. By 2005 50 per cent of companies may have extensively deployed wireless Lans, and by 2010 the majority of companies will have deployed them to support standard wired networks, the analyst said.