Security professionals said the bell has tolled for the WEP protocol, which is used as a default intrusion-prevention system for IEEE 802.11 wireless LAN Wi-Fi devices.
The troubled protocol suffered its first blow in 2001, when a flaw was revealed in the WEP protocol's RC4 key scheduling algorithm, which allowed radio sniffer programs to extract and inject wireless data packets from and into the network where statistical analyzers, known as WEP crackers, can recover the encryption key to unscramble the data. However, the WEP security key required about 4 million packets to be intercepted for it to be calculated. Now, security experts in Germany have claimed that they can outfox the beleaguered protocol in three seconds, down from the previous best of about five minutes, which kept up with changing security keys.
The experts said they can extract a 104-bit WEP key from intercepted data using a 1.7-GHz Pentium M processor so much faster that the process could be performed in real time by someone walking through an office. Bank of Queensland IT security manager Grant Slender agreed that the WEP protocol is lax and said he would not trust anything built on it.
"We don't use wireless technology, and we wouldn't rely on any form of built-in encryption; we would treat it akin to an untrusted Internet connection," Slender said. "We wouldn't put the same applications over wireless as we would for a cable connection because the wireless security standards have been compromised," he said. "It's simply easier for us to consider the WEP protocol untrusted."