AirSnort, a new software tool for recovering encryption keys
across wireless local area networks, was this week released as a
free download on the internet, posing a serious threat to the
security of the wireless networks increasingly being used by many
businesses.
The tool passively monitors and analyses data travelling across
802.11b (known as WiFi) wireless networks. Once enough information
has been gathered (around 100M – 1GB), it can identify in less than
a second the encryption key, effectively the password for all data
being transferred on the network.
The wireless networks affected are supposed to be protected by a
security feature known as the Wired Equivalent Privacy system
(WEP), but flaws have been found in WEP, the most serious of which
lies in its encryption algorithm and which can be exploited by
AirSnort users, provided they have a computer with a wireless
network card within range.
The authors of AirSnort say it is intended to heighten awareness
of security flaws. They hope that wireless vendors will now be
forced to significantly enhance the encryption of their products,
and that users will now realise they cannot rely on WEP encryption
as their sole security mechanism.
