The wireless protocol is vulnerable to hackers using easily obtained equipment, the group warns.
The security flaw means that data transmitted using the protocol can be intercepted and read – and unauthorized transmissions can be sent through hacked networks.
WEP lash At issue is the Wired Equivalent Privacy (WEP) protocol used in the Institute of Electrical and Electronics Engineers (IEEE) 802.11 international standard for wireless LAN (local area network) communications. Used in AirPort, the standard has flaws that "seriously undermine the security claims of the system", leaving it vulnerable to attacks that decrypt traffic, researchers found. The group was able to intercept wireless transmissions, modify transmissions and access restricted networks.
Because wireless networks use shared radio waves to transmit data they are particularly vulnerable to security breaches, which is why the 802.11 standard and WEP were created. Berkeley's Internet Security, Applications, Authentication and Cryptography (ISAAC) group said it is publishing its findings in the hope that the protocol will be redesigned and security improvements implemented.
The flaws also expose the vulnerability of proprietary wireless-technologies like AirPort, and states that systems relying on AirPort base-stations are vulnerable to attack.
Wireless protection "We recommend that anyone using an 802.11 wireless network not rely on WEP for security, and employ other security measures to protect their wireless network," the group said.
The group used a wireless ethernet interface that was subverted "to monitor and transmit encrypted data" by simply modifying driver settings. More difficult "active" attacks can be undertaken through reverse-engineering using products from companies that allow upgrading.
"The time investment required is non-trivial; however, it is a one-time effort - the rogue firmware can then be posted on a Web site or distributed amongst underground circles," according to "Intercepting Mobile Communications: The Insecurity of 802.11" – a paper the ISAAC group published on its Web site.
Not even 128-bit encryption versions of WEP are secure, according to the paper, which spells out in detail how WEP works and how it can be subverted.
The group recommends the constant additions of new data-signatures, and limiting wireless-network Internet access in order to limit the danger.