The A to Z of wireless

NEWS

V is for Vulnerabilities

A range of encryption protocols are in use to prevent hackers and other ne'er-do-wells from getting into company networks.

WEP (aka wired equivalent privacy) was the first wireless encryption standard but is now considered to be the weakest protocol. That doesn't mean it's not still in use however - a survey at the start of this year found a quarter of retailers still using WEP. Even more worryingly, around a third of the retailer access points probed were found to be entirely unencrypted.

The dangers of not shoring up a wireless network with adequate encryption were amply illustrated by the massive data breach suffered by retail chain TJX which came to light in 2007. The company was only using WEP on its WLANs which meant hackers were able to steal 45 million customer records over a period of around two years, including millions of credit card numbers. Once they had cracked the encryption, they were able to collect the user names and passwords of staff as they logged in and then set up their own accounts to collect transaction data.

The problem with WEP is that while it does encrypt data it only uses a static encryption key so if hackers intercept enough packets they can crack the key. It can be done remarkably quickly with the right tools: the FBI, for instance, has demonstrated a three-minute crack of WEP.

The latest wi-fi security protocol available is WPA2 - wi-fi protected access version 2 - which changes the encryption key with every data packet sent rather than having a static key. It also uses a different encryption protocol to WEP and also incorporates technology aimed at sniffing out imposter packets trying to sneak onto the network.

One reason companies may be seen to be dragging their feet on wireless security and using older, less secure protection is that WPA2 requires compatible hardware which can mean having to buy new equipment.