Research Group Reports Your AirPort Network Can Be Hacked

A research group called Internet Security, Applications, Authentication and Cryptography (ISAAC), working out of the Computer Science Division at the University of California, Berkeley, has released a report that AirPort user should know about. The group has issued a report called "(In)Security of the WEP algorithm" that suggests that 802.11b networks can be compromised somewhat easily because of flaws in the Wired Equivalent Privacy, or (WEP). AirPort is Appleis implementation of the IEEE 802.11b standard, and it too relies on WEP for security. According to the report:

We have discovered a number of flaws in the WEP algorithm, which seriously undermine the security claims of the system. In particular, we found the following types of attacks:

  • Passive attacks to decrypt traffic based on statistical analysis.
  • Active attack to inject new traffic from unauthorized mobile stations, based on known plaintext.
  • Active attacks to decrypt traffic, based on tricking the access point.
  • Dictionary-building attack that, after analysis of about a dayis worth of traffic, allows real-time automated decryption of all traffic.

Our analysis suggests that all of these attacks are practical to mount using only inexpensive off-the-shelf equipment. We recommend that anyone using an 802.11 wireless network not rely on WEP for security, and employ other security measures to protect their wireless network.

In a Wall Street Journal report, one of the groupis members put it in more plain terms:

"We found a number of ways to intercept transmissions and discover what the contents are," says Nikita Borisov, a 23-year-old graduate student at Berkeley. "We found ways to modify transmissions as theyire sent. And we found ways to access the network even if itis restricted."

As of press time, Apple has not yet responded to our questions.

The report offer much more specific information, and if you have an interest in this issue, we highly recommend that you check it out. The Wall Street Journal story we referenced also has some additional information.