RSA Security Patches Hole In Wireless LANs

RSA Security Inc. has developed a technological patch for security holes in wireless networks, addressing concerns that wireless LANs were vulnerable to "wardriving," or drive-by hacking attempts.

The fix deals with problems with the Wireless Equivalent Privacy protocol, which encrypts communications over 802.11b wireless networks. Researchers discovered in August that the protocol was flawed and that the encryption could be decoded and data stolen by anyone who drove by a wireless-enabled office with a notebook and wireless modem. "In about 20 minutes or so, someone could crack the encryption," says Jason Smolek, research manager for enterprise networks at International Data Corp.

The new "fast packet keying" technology encrypts each packet of data in a wireless LAN with a unique key, according to the RSA Security. That sort of dynamic keying is exactly what's needed to close the security hole, Smolek says. It can be distributed as either a software or firmware patch by wireless LAN vendors, making it easy for users to quickly update their equipment.

RSA Security worked on the fix with software developer Hifn Inc. and the Institute of Electrical and Electronics Engineers standards committee. The organization has already approved the technology as a patch to the 802.11 protocol.