Caffe Latte – New Attack to Pilfer Wi-Fi Users’ Data
AirTight Networks has designed an attack known as Caffe Latte, which exploits the WEP (Wired Equivalent Privacy) encryption system, used to protect wireless networks, in order to log on.
Caffe Latte lets the attacker act as a middleman, providing Internet access from other networks while evaluating the user's machine or deploying payloads. True to its fancy name, the attack can be carried out anywhere, even in a café.
WEP, designed in the late 1990s, was the default method of protecting Wi-Fi networks. It has since been replaced by the WPA (Wi-Fi Protected Access) system, but around 41% of businesses still rely on WEP. The proportion is higher among home users, security experts said.
Unfortunately, WEP has been laden with security problems. It was held responsible for the data breach at TJX Companies Inc., in which thieves accessed 45 million credit and debit card numbers.
Until now, researchers have concentrated on exploiting WEP's flaws in order to break into wireless networks. That meant the attacker would be around a WEP-encrypted router, decode the WEP key used to encrypt the network traffic, and finally log on to the network.
Ramachandran, a senior wireless security researcher with AirTight Networks Inc., said that until now the traditional belief was that an attacker who wanted to crack WEP would have to come to the parking lot, as published by Computerworld on October 17, 2007. With the development of this attack, every employee of an organization is a target, Ramachandran added.
The companies most susceptible to the attack are those in logistics and retail, as the scanners used in warehouses and the retail point-of-sale systems (which are still widely used) support only WEP. If a cracker can tie the cracked key to a company, by using intrusion tools or by examining the victim's hard drive, he can enter that company and its network at will. This is exactly what led to the break-in at the TJ Maxx/Marshalls parent company.
More broadly, anyone who has ever connected to a WEP-protected network and stored the key has a laptop that is exposed to the attack.
» SPAMfighter News - 05-11-2007