Wireless networks based on the same technology as Apple’s AirPort have spread throughout homes and offices small and large. That ubiquity has meant greater dependence: most AirPort users would now find doing without this wireless technology cruel and unusual punishment. In fact, the only thing that may match the growing acceptance of the wireless-technology standard known as 802.11b is the widespread confidence users have in their networks’ security.
That confidence is misplaced. Several research groups have discovered that the security of the data flitting between your AirPort Base Station and your Mac is not as ironclad as you may assume.
Apple’s AirPort technology allows you to create closed networks, which only someone who knows the name of the network can join. You can add a password to your network and thereby encrypt wireless data using a scheme called Wired Equivalent Privacy (WEP).
But WEP is a poorly designed security system. AirPort’s WEP was already considered weak because of its short, 40-bit encryption key. But as it turns out, design flaws in WEP mean that using even 128-bit keys makes it only a bit more difficult for miscreants to insinuate themselves into your wireless data. Now it takes a little elbow grease to create the tools to break into a closed, WEP-encrypted wireless network, but it’s just a matter of time before automated tools capable of doing precisely that appear on the scene.
When researchers first published their vulnerability findings, the IEEE 802.11 Working Group that approved WEP didn’t admit its error, instead trying frantically to downplay the problem’s importance.
At the moment, remedies appear to be many months away. And wireless-hardware makers are noncommittal about whether it will even be possible to upgrade existing products to make them secure.
If you use AirPort or any other 802.11b system, you should contact the vendor of your wireless hardware, tell it how much you care about your data’s security, and ask when it plans to fix the flaws in WEP. WEP is not secure by a long shot, and the consumers who bought into 802.11b and created the great demand from which vendors are now profiting deserve proper protection for their networks. That said, 802.11b itself is still wonderfully useful technology and should not be shunned merely because of WEP’s shortcomings. Knowing precisely how your wireless network and its data are protected will help you decide whether a wired network suits your needs best after all.
Want to find out more about WEP and 802.11? Check out this report by Internet Security, Applications, Authentication, and Cryptography.