Wifi links vulnerable even with encryption

Free tools crack WEP and WPA with ease, McAfee expert warns.

Wireless networks are extremely vulnerable to intrusion from hackers - even with encryption switched on, say leading security experts.

Foundstone, a division of McAfee, cautioned that the tools needed to carry out such attacks are freely available on the internet and that some distributions of Linux are specially pre-configured for these tasks.

No specialist knowledge is required to break a wireless network's encryption so there's a wider pool of potential hackers to guard against.

WEP encryption is particularly susceptible to 'network sniffing' whereby malicious users listen in on the packets of information being exchanged between computers. When enough packets have been gathered it becomes almost trivial to crack the encryption and reveal the network's password.

WPA can be easily exploited by evesdropping on traffic when computers sign onto a network - during the handshaking process.

Foundstone underlines the importance of choosing a secure password that won't be vulnerable to a dictionary attack and changing the network key often. It says that 10 per cent of people still use one of the top 50 most common passwords.

For commercial wireless use, Foundstone recommends that IT managers assume that anyone can break the network key and that it should only be the first of a layered defence against intrusion.

Martin Pivetta, market development manger at McAfee, says he is highlighting this issue 'not to sell products but to create awareness.'