Sandone added: “Perhaps its release will prompt wireless service providers to significantly improve the encryption of their products. And hopefully users will come to understand that encryption (regardless of how it is used) is not a panacea.”
“Some people exaggerate the power of encryption and others put too much faith in its ‘mathematical precision’. It clearly has its value, but it should not be the only security mechanism in use.”
“Weaknesses in the RC4 Key Scheduling Algorithm,” a recently published paper by Scott Fluhrer, Itsik Mantin, and Adi Shamir, described a way to learn the master key of the WEP encryption system, which would allow an intruder to impersonate a legitimate user. of the network.
Adam Stubblefield, a Rice undergraduate working as a summer intern at AT&T Labs, tested that exploit (with permission from the network administrator) and was able to obtain the network’s master password in just under two hours.
Stubblefield posted his research online, but did not reveal the program he used to access AT&T’s wireless network.
If the software he wrote to obtain passwords were published, Stubblefield told a journalist from The New York TimesAnyone with basic computer skills and a wireless network card could easily crack many wireless networks.
“I basically read the paper and wondered if the attack would actually work in the real world and how difficult it would be to implement,” Bruestle said. “I’m the CEO of a small security company, Cypher42, and I wanted to know how difficult or easy the attack would be to implement, so I could properly advise clients on 802.11b security.”
Another tool, WEPcrack, was released on the Internet around the same time as AirSnort, but WEPcrack is still considered an alpha version, a work in progress.
Bruestle and Hegerle’s AirSnort is a beta release, a designation that indicates a program is not ready for prime time, but is more advanced in features and stability than alpha.
Bruestle said he and Hegerle had a basic working version of AirSnort after less than 24 hours of programming.
Bruestle said he has received many emails about AirSnort, some in favor of publicly releasing the tool, others accusing it of increasing the arsenal of malicious hackers.