YOU ARE HERE: LAT HomeCollections


Tapping Into a Wireless World

Experts say the increasingly popular computer networks are vulnerable to being hacked, raising security concerns.


WASHINGTON — Computer security expert Jonas Luster unearthed more than his e-mail when he signed on to a wireless network for travelers at San Jose International Airport.

Within minutes of connecting his laptop using a wireless modem, the Campbell, Calif.-based consultant gained access to a second network belonging to American Airlines' curbside baggage check-in system. It asked if Luster wanted to send data.

"I could probably check in bags that didn't exist and maybe do other things," said Luster, who was asked by Computerworld magazine to test wireless security at airports for a recent article. "If they are not security conscious at that point, one can only wonder, 'When do they start?'"

Lured by cost savings and the ease of connecting computers without stringing wires, consumers and businesses are setting up wireless networks in droves. The number of wireless network shipments for PCs and other devices has grown to 9 million annually in 2001 and is expected to increase to about 56 million by 2006, according to the research group Allied Business Intelligence Inc.

But the technology has raised questions about security and privacy at a time when the nation is trying to bolster its domestic defense and protect sensitive data from hackers and other unauthorized users.

"Wireless technology presents an opportunity to do security right, but so far [that] hasn't been happening," said Gary McGraw, chief technology officer of Cigital Inc., a computer security company in Dulles, Va. "Potentially everything is laid bare" by wireless networks, and someone could access all of your data, he said.

Some users believe the concerns about wireless data leakage are overblown. An American Airlines spokesman, for example, downplayed the San Jose incident, saying Luster exaggerated any security lapses.

But experts say wireless networks are riddled with vulnerabilities, starting with the fact that many units come from the store with critical security features disabled. Few users bother to implement data-scrambling encryption. And those who do might still be invaded by sophisticated users armed with software-hacking tools.

The result is that computer data often are broadcast in the open, allowing others with compatible transceivers to receive the information if they are within range.

Companies, government agencies and home users have just begun to wake up to the potential problems. The Bush administration is considering an advisory to federal agencies, warning them about using wireless networks to transmit sensitive information. And the White House has directed the Commerce Department to develop comprehensive standards to guide federal offices that use wireless technology, an administration official said.

Meanwhile, SchlumbergerSema, a New York information technology services firm that helped built a computer network for the 2002 Winter Olympic Games, said it was so concerned about wireless networks that it eschewed the technology for more secure wired computer networks.

Most wireless networks have been set up in homes and offices to enable users to share high-speed Internet connections and freely roam up to 300 feet from the wireless transmitter.The most popular wireless systems in homes and offices use a standard known as 802.11b, or WiFi. The systems use the same unlicensed airwaves as household portable phones, and eavesdroppers can capture the signals from up to two miles away using special antennas.

There also are a growing number of commercial wireless networks, mainly at airports and other public facilities, that allow travelers with laptops and wireless local area network cards to surf the Net for a fee. Wayport, the operator of the San Jose system, has such networks in about 450 locations.

Wireless networks have been criticized for easily defeatable encryption and poor password management. Devices using another wireless standard, HomeRF, and even Palm hand-helds also are vulnerable, experts say.

Aviel D. Rubin, an AT&T Labs researcher who was among the first to expose the vulnerability of the WiFi encryption standard, said it takes only a few minutes of examining the information broadcast from a WiFi transceiver to crack its encryption protection.

"About 5% of the time, it leaks data about the [encryption] key," Rubin said. From that data, he said, "you can mathematically reconstruct the encryption key."

Though wireless technology sounds complicated, defeating its data-scrambling security is a simple matter, experts said. There are a number of free software programs on the Internet that allow unauthorized users to unscramble the encryption on a wireless network at the click of a mouse.

In fact, experts said, breaking into wireless networks has become so easy that some hackers are abandoning their desktop computers to go "war driving"--a term they've coined to describe riding around in a car with a laptop and antenna to forage on other people's wireless computer networks.

Los Angeles Times Articles