The crypto used in 802.11 wireless networking has been cracked.
August 3, 2001 10:55 PM

The crypto used in 802.11 wireless networking has been cracked. The crack is devastating; it's fast and passive. Simply by listening, the 40-bit key can be cracked in 15 minutes. Worse, the crack scales linearly with the number of bits in the key, so raising the key length to 128 bits would raise the crack time to about an hour. 802.11 is used in such products as the Linksys Etherfast Wireless and the Apple Airport. From now on those products should be considered to be completely insecure.
posted by Steven Den Beste (15 comments total)
One of the ALT tags on the Apple Airport site reads...

AirPort wireless technology provides fast relief from the biggest problem about being wired.

Yeah, right.
posted by milnak at 11:46 PM on August 3, 2001

Old news... this has been known for quite a while. Basically just ssh everything and you'll be fine.
posted by nathan_teske at 12:04 AM on August 4, 2001

Wireless networks are known for security problems, but the measures needed to avoid snooping are really no different than measures we should always take. You know, like SSH that nathan mentions above, PGP-encrypting emails and making sure that SSL is used on all important transactions. There are no direct connections over the internet (not even P2P). You should always assume that there are interlopers.

Of course, all of the encryption in the world won't help if your wireless network sits inside of your firewall and allows access to all... (I tried a little experiment based on this article)

As a funny aside, I forgot to pop out my wireless ethernet card before coming home, so when I got home, I started up my computer and got ready to pop it out. And whaddayaknow? I have ethernet. Apparently a neighbor of mine has a wireless network, and I'm piggybacking. Now I can take my laptop into the john!
posted by fooljay at 1:20 AM on August 4, 2001

Based on recent historical precedent, we have no choice but to arrest Scott Fluhrer now and make sure Adi Shamir and Itsik Mantin are arrested the instant they set foot on American soil.

This kind of mischief is anti-American and we must make an example of them. Long live the DMCA! "This aggression will not stand!"


Think anyone is actually dumb enough to press for a DMCA arrest over this? In light of Adobe's misstep, would it be corporate suicide?
posted by joemaller at 2:00 AM on August 4, 2001

It's not just a question of someone being able to snoop on your communication. After they've done so, they'll be able to connect to your base station and access whatever it's connected to. Unless that device forces (rather than merely permits) some extra layer of protection, it's not good.

In other words, if you can use SSH but are not forced to do so then you're in deep kim-shi. Even if you're using SSH, the snooper can still crack the 802.11 key. Then they can program their own mobile to use it, and access your base station themselves without using SSH, and access whatever it is that the base station is connected to -- like your server (which contains your files), or your LAN (to attack whatever's on it).

From now on, any device with an 802.11 base station on it should be considered publicly accessible.

Also, this is not "old news". There was a crack before but it was slower and it required transmission by the cracker and thus could be detected. This is faster and this is passive. This is completely new. Also, with this crack even 128-bit key systems are not secure. (Fooljay, all the articles you referenced assumed that switching from 40 bits to 128 bits would largely solve the problem. Now it won't.)

If the claims made for this are correct, 802.11 as a wireless standard is also in deep kim-shi. Even if they change the standard to fix it, most of the installed base probably can't be updated because the encryption is hard-wired in ASICs.
posted by Steven Den Beste at 4:33 AM on August 4, 2001

Vulnerabilities, at least, have been familiar since October 2000, even if the actual decryption hadn't been achieved. This is one of Bill Arbaugh's pages, who is quoted in your original link. This slide show gives a good overview.

What's more significant is that people tend not to use the encryption that they already have, even professionals. Remember this hack at MacHack 2000? It captures images floating by on the Ethernet network. The hacker (sense 1) ran it for a while on the wireless network at the conference, then when he gave his presentation, showed a few of the images he'd gathered. All unencrypted.

Here's a nice little 802.11b blog.

Advice on how to choose your Airport password.
posted by Mo Nickels at 7:11 AM on August 4, 2001
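The weaknesses Mo Nickels says were known since October 2000, and Den Beste's point that moving to a 128-bit key buys nothing, both come down to how WEP drives RC4: the 24-bit IV is sent in the clear and prepended to the shared key, so any repeated IV reuses an entire keystream, and a passive listener who sees two frames under the same IV learns the XOR of their plaintexts without touching the key. The following is an added illustration, not code from the thread, from Apple or from Linksys; the keys, IVs and frame contents are constructed, and the only assumption about WEP is the IV-prefix key construction described above.

```python
"""
Why WEP's weakness does not shrink with key length: RC4 keystream reuse
under a repeated 24-bit IV. Constructed demonstration, not vendor code.
"""
import math


def rc4_keystream(key: bytes, length: int) -> bytes:
    """Plain RC4: key-scheduling algorithm (KSA) followed by the PRGA."""
    S = list(range(256))
    j = 0
    for i in range(256):  # KSA: permute S under the key
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):  # PRGA: emit one keystream byte per step
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    """Byte-wise XOR, truncated to the shorter input."""
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encrypt(iv: bytes, key: bytes, plaintext: bytes) -> bytes:
    """WEP-style framing: per-packet RC4 key is IV || shared key, IV sent in the clear."""
    if len(iv) != 3:
        raise ValueError("WEP IV is 24 bits")
    return iv + xor(plaintext, rc4_keystream(iv + key, len(plaintext)))


def keystream_reuse_leak(key: bytes, p1: bytes, p2: bytes,
                         iv: bytes = b"\x00\x00\x01") -> bool:
    """Two frames under one IV share a keystream, so c1 XOR c2 == p1 XOR p2.

    The check uses only what a passive listener sees (the ciphertexts) and
    holds for any key length, which is the point of the thread's '128 bits
    won't help' remark.
    """
    c1 = wep_encrypt(iv, key, p1)[3:]
    c2 = wep_encrypt(iv, key, p2)[3:]
    return xor(c1, c2) == xor(p1, p2)


IV_SPACE = 2 ** 24  # the IV is 24 bits regardless of key size


def frames_until_iv_collision(p: float = 0.5) -> int:
    """Birthday bound: frames with random IVs before a repeat occurs with probability p."""
    return math.ceil(math.sqrt(2 * IV_SPACE * math.log(1 / (1 - p))))


if __name__ == "__main__":
    # Constructed sample keys: 40-bit (5 bytes) and 104-bit (13 bytes).
    key40, key104 = b"\x0a\x1b\x2c\x3d\x4e", bytes(range(13))
    p1 = b"GET /index.html HTTP/1.0"   # constructed frame contents
    p2 = b"GET /secret.html HTTP/1.0"
    for name, k in (("40-bit", key40), ("104-bit", key104)):
        print(name, "key, same IV twice -> p1^p2 recoverable:",
              keystream_reuse_leak(k, p1, p2))
    print("random IVs before a 50% chance of a repeat:", frames_until_iv_collision())
```

The birthday figure is a best case that assumes random IVs; an adapter that counts IVs up from zero after every reset repeats them far sooner. Either way the number is independent of the key, which is why the thread's advice to run SSH, SSL or a VPN over the link, rather than trusting the link-layer key, is the right lesson.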

Anyone know if you are still vulnerable if you limit your access to defined MAC addresses?
posted by machaus at 8:33 AM on August 4, 2001

Kim-shi? (Help!)
posted by gleemax at 8:51 AM on August 4, 2001

The issue isn't that someone can plug in an 802.11 device and connect to your network, machaus; it's that someone can passively listen to the radio traffic and decrypt it.
posted by darukaru at 9:27 AM on August 4, 2001

Bah. People can pick up my metafilter browsing if they really want to. All the important things I do on the net are encrypted.
posted by jragon at 9:40 AM on August 4, 2001

Actually, I run my 802.11 unencrypted for the express purpose of letting random people connect to it. Anyone in the courtyard of my building can freeload off my DSL; they'll be inside the first firewall, but outside the second one.

...this has the added benefit of letting *me* sniff the traffic of anyone using my wireless...
posted by aramaic at 10:23 AM on August 4, 2001

My company's buying an 802.11 card for my laptop, so I'm thinking of getting a base station too. If I do, I will make a point of situating it somewhere that the neighbors can pick up the signal. I've got 512 kilobits both ways, and I max that out (on average) around twenty minutes a week. Why not share?

I'd love to see a future in which everyone who wanted Internet access bought a wireless Ethernet station, tapped into their neighborhood's data-cloud, and helped route packets from one place to another. In many places you might not need an ISP at all.

posted by Mars Saxman at 12:27 PM on August 4, 2001

one of these days, i'm going to get up the nerve to ask steven den beste to marry me.
posted by lescour at 12:32 PM on August 4, 2001

machaus: Anyone know if you are still vulnerable if you limit your access to defined MAC addresses?

That's a different mechanism altogether, and continues to work.

I was at Apple around the time of their corporate Airport rollout. Their approach to the access control/security question was to make the Airport network accessible to all comers, but to place it outside the firewall. You can get Airport bandwidth sitting in the parking lot, but to reach anything on their network, you need a VPN, just as if you were dialing up to an ISP or using cable/DSL from home.

Den Beste: If the claims made for this are correct, 802.11 as a wireless standard is also in deep kim-shi.

That's more than a little extreme. Use access control for small networks, and standard firewall practices for large networks, same as ever.

I've had Airport for a year, and I'm never going back.
posted by bumppo at 4:17 PM on August 4, 2001

Kimchi is a cabbage-and-hot-peppers Korean food, pickled, I think. Quite yummy, but as was once written, it can cause "pants-ripping kimchi farts." Hem.
posted by Mo Nickels at 4:31 PM on August 4, 2001

