Back to Search Start Over

Wireless Infidelity II: Airjacking.

Authors :
Berghel, Hal
Uecker, Jacob
Source :
Communications of the ACM. Dec2004, Vol. 47 Issue 12, p15-20. 6p. 5 Color Photographs.
Publication Year :
2004

Abstract

This article assesses the extent of the security risks involved in wireless networking technology by considering three possible scenarios demonstrating vulnerabilities. The Service Set ID (SSID) is a 32 byte or less network name of a service set. This name is used by other network devices to initiate a connection. Wireless Application Protocols (WAP) may be configured as "open" or "closed." In the open mode, the WAP broadcasts its SSID to the world, while in closed mode, it does not. A computer with a WiFi card set to SSID=ANY will attempt to authenticate with the open WAPs with the strongest signals. This is called association polling and is built into Windows XP by default when wireless is enabled. The goal of Wired Equivalent Privacy (WEP) was to bring some of the security available in wired networks to WiFi. Unfortunately, the designers bungled the job. WEP suffers from two fundamental deficiencies — it was poorly designed and it was poorly implemented. Other than that, it's fine. A key WEP vulnerability results from the implementation of the RC4 symmetric stream cipher algorithm. INSET: URL Pearls.

Details

Language :
English
ISSN :
00010782
Volume :
47
Issue :
12
Database :
Academic Search Index
Journal :
Communications of the ACM
Publication Type :
Periodical
Accession number :
15278909
Full Text :
https://doi.org/10.1145/1035134.1035149