News

SpectraGuard Online - 30-day Free Trial



Caffe Latte Vulnerability Discovered by AirTight: Underscores Urgent Need for Wireless Road Warriors to Adopt Best Practices

  • Dangerous New WEP Vulnerability Demonstrated at TOORCON9
  • AirTight Offers Best Practices Checklist for Wi-Fi Users to Protect Laptop Data and Corporate Networks

San Diego, CA - October 21, 2007 - At the  TOORCON9 conference today, AirTight® security researchers, Vivek Ramachandran and Md Sohail Ahmad, revealed the discovery of the Caffe Latte vulnerability, which shows that it is possible to crack WEP keys without an AP in the time it takes to have a cup of coffee - hence the name Caffe Latte. AirTight Networks is the leading provider of wireless intrusion prevention solutions.
 
In the last few years, much has been published about the risks users face when they fire up a laptop while outside of their trusted network environment. In light of this, AirTight is providing a checklist of must-do best practices if road warriors are to protect the data on their laptop as well as the corporate networks to which they connect.
 
"The myth has been that to crack WEP, the attacker needs to be in the RF vicinity of the authorized network with at least one functional AP up and running," said Ramachandran. "With this attack, one of several vulnerabilities recently discovered by AirTight researchers, we have found that it is possible to retrieve the WEP key from an isolated client - the client can be on the moon! - using a new technique called 'AP-less WEP Cracking'. The ramifications of this are quite startling. Indeed, the multitudes of organizations which have not yet upgraded from WEP to WPA or WPA2, especially those who need to comply with PCI regulations, now know this risk exists and that their WEP keys can be cracked even while one of their employees is taking a quick coffee break far from the RF signal of the office."
 
The discovery also has a great impact on the way Honey-pots work today and takes them to the next level of sophistication.
 
"While the real solution to mitigating risks from emerging threats such as this lies in upgrading your infrastructure to WPA or WPA2, there are simple best practices that mobile users can employ to help keep them safe not only from this attack but also from other common hacking attacks.," said Jatin Parekh, director of product management at AirTight.
 
Best Practices Checklist

  1. Remove undesirable wireless networks from your wireless network connection profile
  2. Remove any peer to peer network from your wireless network connection profile
  3. Connect only to trusted networks which are known to you
  4. Disconnect immediately if you accidentally connect to an unknown network
  5. Turn off your wireless card when you do not need to be connected over wireless
  6. Use a VPN client when connecting over insecure public Wi-Fi hotspots
  7. When a VPN client is not available, use a secure Web browser (SSL)
  8. Avoid accessing confidential, sensitive or valuable information over unencrypted connections
  9. Upgrade your Wireless software regularly. Always keep your laptop’s wireless drivers updated to the latest version
  10. Review points 1 - 9 every time you are connecting wirelessly

 
"In a fast paced, mobile environment, users are not always as vigilant as they should be about following best practices for Wi-Fi use," continued Parekh. "The most effective way to ensure wireless safety is by using an end point tool which can act on behalf of the user and apply best practices automatically - and these tools are available today including a free downloadable wireless connection manager agent from Airtight - SpectraGuard SAFE Personal Edition."
 
About SpectraGuard® SAFE
SpectraGuard SAFE gives IT administrators the ability to enforce unique, location-based security policies. SpectraGuard SAFE protects laptop users from rapidly proliferating wireless attacks such as Evil Twin, wireless phishing, ad hoc networking and more. AirTight Networks is the only company to expand beyond Wi-Fi and offer a complete wireless policy management and enforcement solution including Wi-Fi (802.11 a/b/g/pre-n), Bluetooth, GSM, EvDO, CDMA, and infrared interfaces.
 
The current release of Airtight’s end point solution, SpectraGuard SAFE 2.2 already contains powerful features which protect against a Caffe Latte attack and the next release of SpectraGuard SAFE goes even further to protect users by creating a unique profile for ‘trusted zones’ such as the office or the home. SAFE 2.5 automatically detects when the user leaves the office or home environment and automatically prevents the client from connecting to any foreign device in the new environment. This automatic profile switching mechanism completely prevents a hacker from connecting to a user’s laptop and compromising its security.
 
SAFE allows administrators to manage devices remotely and gives road warriors a simple automated way to configure their devices to greatly reduce the window of risk. These new techniques are part of AirTight’s continuing leadership in identifying emerging threats and placing priority on developing products to derail those threats.
 
To learn more about SpectraGuard SAFE, visit: http://www.airtightnetworks.com/home/products/add-on-products/endpoint-protection.html
 
How Caffe Latte Attacks Work
The hacker using a Caffe Latte attack tricks the user’s laptop into believing it is connected to its office or home network, even though it is miles away. The hacker then gets the client to generate enough data traffic in order for the hacker to grab the WEP key of the office or home network.
 
At its core, the attack uses various behavioral characteristics of the Windows Wireless stack along with already known flaws in WEP to pull off this feat. Depending upon the network configuration of the authorized network it is possible to recover the WEP key from an isolated client within a time slot ranging between just a few minutes to a couple of hours. This technique can easily be used to perform similar attacks for other operating systems. For more information about the Caffe Latte attack, go to:
http://www.airtightnetworks.com/home/resources/knowledge-center/cafe-latte.html

About AirTight Networks
AirTight Networks, the industry standard for wireless vulnerability management, is the only company that offers customers a flexible, end-to-end solution that gives them visibility into their wireless security posture and a choice in how to manage it. AirTight provides full wireless intrusion prevention systems (WIPS) and the world’s first on demand wireless vulnerability management service. AirTight’s patented technology delivers the key elements of an effective WIPS to eliminate false alarms, block wireless threats immediately and automatically and locate wireless devices and events with pinpoint precision. AirTight’s customers include global retail, financial services, corporate, education and government organizations. AirTight Networks is a privately held company based in Mountain View, CA. For more information please visit www.airtightnetworks.com

Media Contacts:
Della Lowe
AirTight Networks
Tel: +1 (650) 934 8191
della.lowe@airtightnetworks.com

AirTight Networks, and the AirTight Networks logo are trademarks; and AirTight and SpectraGuard are registered trademark of AirTight Networks, Inc. All other trademarks are the property of their respective owners.
<< Back to: Press Releases