The problem lay in a protocol known as Wireless Equivalent
Privacy (WEP). It was widely reported that the WEP protocol - the
standard that outlines how data will be encrypted on the 802.11
wireless network - was implemented in a way that made it vulnerable
to attack.
A hacker could intercept communications sent over the network
simply by having a piece of software running on a laptop within
range of the network together with a wireless network scanner. This
is obviously a serious risks for businesses that deployed wireless
LANs because any confidential data - financial transactions, credit
card numbers and a company's proprietary information - that is
flowing over these networks can be compromised or exposed.
The affected wireless networks currently encrypt data using an
RSA Security algorithm, known as RC4. The attacks against WEP were
not a result of a weakness of the RC4 algorithm, but instead a
weakness in how WEP derived RC4 keys for different data packets
from a secret shared between wireless clients and access points.
Simply put, the keys for different packets were too similar.
Hackers could exploit this similarity to extract information about
the shared secret after analysing a modest number of packets. Once
the shared secret was discovered, a malicious hacker could decrypt
data packets being passed along the exposed network.
RSA Security and Hifn, another security company, have developed
what they call the “Fast Packet Keying” solution which is designed
to avoid the similarities in the packet keys by providing a rapid
way to derive unrelated RC4 keys from a shared secret. Fast Packet
Keying will create a unique key for each data packet sent over the
wireless network.
