WIRELESS NETWORKS LEAVE COMPUTERS OPEN TO "DRIVE-BY" HACKING by Will Knigh
A weakness with the security infrastructure protecting wireless computer networks have been highlighted by researchers at a computer security conference in the US.
The problems have been identified with the 802.11 set of specifications created by the Institute of Electrical and Electronics Engineers for wireless local area networks.
Wireless networks are growing in popularity. However, experts have described ways to "listen" to wireless traffic, intercept communications and even gain full access to that network.
"As 802.11 wireless networks become more common, companies' intranets are increasingly being exposed to hacking," said Dave Safford, manager of network security research at IBM.
Information on these vulnerabilities was presented on Friday at the Black Hat Conference in Las Vegas. This is the most important US meeting of computer security experts and underground computer hackers.
The wireless specification known as 802.11 is protected with a system called Wired Equivalent Privacy (WEP). Communications are encrypted with a stream code, meaning that each bit is altered according to a secretly held key during transmission. There are a number of rules designed to ensure that keys are used securely and no one can eavesdrop on messages.
But Ian Goldberg, chief technical officer for Canada's Zero Knowledge systems, presented fundamental flaws with the implementation of the encrypting rules that leave 802.11 communications vulnerable.
He described ways to monitor wireless network traffic in order to gather information about how messages are encrypted. Given this, he says it is possible to modify and even decrypt communications altogether.
Multiple guessAnother conference delegate built on these vulnerabilities to describe practical methods of attacking 802.11 networks. Tim Newsham, a consultant with US security firm @Stake, outlined a technique for decoding messages by testing out a series of cryptographic keys at high speed. Further research indicates that networks using encryption that cannot be cracked in this way may still be vulnerable to automated password guessing.
"WEP is inherently insecure," Newsham said. "So using WEP is essentially just throwing another barrier in front of the attacker."
Another computer security expert, Mandy Andress of ArcSec Technologies, described how unprotected wireless networks can be attacked in many real situations by roaming hackers.
Ollie Whitehouse, a computer security expert with @Stake in the UK says that research in this area is likely to increase investment in wireless security. "There are flaws that require modification and I think you will also see people investing in larger encryption keys and incurring the computational overhead," he told New Scientist. The first industry steps to secure the standard have already taken place. IBM has developed software for a wireless handheld computer that will automatically alert a user to potential vulnerabilities in a particular 802.11 network.
Now say if these statements on the text are True or False:
1. Researchers at the conference said wireless networks are not safe ................ True - False
2. The 802.11 specifications were written by wireless networks users ............... True - False
3. A lot of people are using wireless networks .................................................. True - False
4. Legitimate experts and illegal hackers meet at the Black Hat Conference ....... True - False
5. Communications encrypted with a stream cipher are supposed to be safe ...... True - False
6. Ian Goldberg thinks 802.11 communications are vulnerable ........................... True - False
7. Newsham contradicted Goldberg ................................................................. True - False
8. Encryptions that are cracked in the way Newsham explained are vulnerable ... True - False
9. Mandy Andress is a real roaming hacker ....................................................... True - False
10. IBM has developed software to protect users from hackers ........................ True - False
Now answer:
1) The word "highlighted" (line 2) suggests that .................
a) the speakers were using colour pencils.
b) researchers put special emphasis on this idea.
c) researchers were the stars at this congress.
2) When we hear other people's conversations, we ................
a) intercept their conversation.
b) drive-by.
c) listen.
3) The Black Hat conference has a high profile. In other words, it is ...................
a) very expensive.
b) prestigious and famous.
c) broadcast by TV.
4) "... secretly held... "in line 21 means that ...................
a) nobody knows that this key exists.
b) it is difficult to find this key.
c) a person presses this key during the operation, but nobody knows about it.
5) "... in order to ... " in line 28 is used to express ...........
a) condition.
b) purpose.
c) opposition.
6) "Further .... " in line 36 means ....
a) later research.
b) more complex research.
c) more research.
7) In ".... by testing out .... " in line 35, the preposition "by" is used to express ....
a) the method they used.
b) what they were doing at the moment.
c) the author.
8) In "...a computer security expert with @Stake...", the preposition "with" denotes that...
a) this man is the owner of the company.
b) he works for that company.
c) he uses @Stake.
9) The word "flaws" in line 46 refers to ..........
a) problems with the security experts.
b) changes to the encryption process.
c) problems with wireless networks.
10) A handheld computer is one which ..........
a) is user-friendly.
b) is very handy, good for many jobs.
c) is small enough to be rested on one’s hand.
