Your Wifi Network Isn’t Secure Anymore
January 20th, 2011 | Small Business
Years ago, the industry standard of WEP encryption on Wifi networks was forced to evolve when programs that could easily be found with a Google search allowed any mischievous individual to compromise a wireless network and steal the credit card information of everyone on it. Everything sent over a WEP network is encrypted with the same password. This single layer of security leaves networks vulnerable to hackers, as the password can be obtained in a matter of minutes through any number of algorithms that guess every possibility for the password. This method of hacking, dubbed the “dictionary attack”, is thwarted on websites that block users after too many wrong password attempts and use CAPTCHAs.
None of us like squinting at the warped letters and having to repeat forms because we mistook a twisted “t” for an “f”, but it protects our personal and financial information. Since WEP could be hacked so easily, businesses quickly switched to WPA encryption, which uses a constantly changing key for every transmission. The new encryption method was almost universally adopted by business owners and lauded by security professionals as being unhackable. Many old devices only support WEP encryption, leaving their users behind in the dust. Thomas Roth, a security consultant in Germany, made waves last week when he claimed to hack a WPA network in minutes for less than six dollars, using rented supercomputer power from Amazon’s new cloud computing service.
“People tell me there is no possible way to break WPA, or, if it were possible, it would cost you a ton of money to do so,” security consultant Thomas Roth said in an interview with Reuters. “But it is easy to brute force them.”
Amazon Cloud provides supercomputer power not only to small businesses aiming for efficiency, but also to hackers who don’t need expensive equipment or computer expertise to compromise your privacy. After obtaining your password, the hacker may use a Firefox extension called Firesheep to intercept your company’s financial records and intellectual property. Customers at your brick-and-mortar storefront are also left vulnerable to having their credit card information stolen while logging in. Pages secured with an https:// prefix are protected from the latter.
Roth plans to release his algorithm to the public later this month at the Black Hat hacking conference in DC. In the meantime, security professionals are scrambling to release a new, impenetrable encryption protocol for wireless networks. By releasing the malicious code, Roth could make innocent people vulnerable, but the goal of computer security professionals like himself is usually to find the vulnerabilities before the bad guys do. The Black Hat conference is full of insiders like Roth (last year one wirelessly hacked an ATM to spew cash). The media attention provoked by Roth will push the industry to adopt something more secure than WPA sooner and hopefully minimize the damage to victims.