One of the critical issues involved with the growing wireless market is security. As I mentioned in an earlier post, consumers and home businesses have been purchasing wireless devices to transmit everything from music to photos. However, mid-sized to large businesses, especially financial ones (banks, brokers, etc.) don't trust this technology, and with a good reason. It's not secure. And here is why:
The Wired Equivalence Privacy protocol is the orginal and most widely-used security protocol for wireless devices. There are two problems connected with WEP however. It is based on a system of "keys". Hackers using the brute-force or "dictionary" method of entering alphanumeric combinations can eventually reveal the public and private keys.
The WEP encryption keys are short (and easily guessed) and static (instead of being updated dynamically from the server). To update the keys, a technician must visit each device on every "road" location (hot spot, motel, etc). This just isn't practical for most companies.
WAPs are Wireless Access Points which are essential low-frequency radio devices capable of broadcasting over short distances: ten or twenty feet in a home or up to a few city blocks for a business. You can buy them for about $100 and they're manufactured by Microsoft, D-Link, Linksys, Netgear, and similar consumer-oriented comapnies. You can set up a WAP cable modem in your home, install a WAP card in each of your PCs and you now have a wireless home network, with each device having internet access.
But radio signals can be interfered with. They can be blocked by buildings and bridges and high-tension electrical cables can jam their signals. This isn't likely in the confines of your home, but for businesses it is a distinct possibility, because WAPs are set up by default to respond to the strongest RF signal available.
You can actually set up a "rogue" WAP to pull the signals from another WAP. In other words, you can eavesdrop on your neighbors' wireless networks. Just set up your own WAP in your car and drive through the neighborhood around 2am.
Virtual private networking is currently being used to secure internet transmissions through phone lines. This can done by encapsulating the data within a protocol and sending the package out via the TCP/IP protocol. A similar use of this "tunneling" technology can be adapted to wireless transmissions.
Users Don't Care
The average consumers of today's wireless devices aren't overly concerned with security. Instead, they're going for the convenience, speed and novelty of PDAs and cell phones that can transmit pictures. For those people, WEP takes too long to configure and it can actually slow down the processing of their devices.
Those are the security issues, in general. The good news is that a new, tighter security protocol, WPA, is now on the market and a second, 802.11i, is in development, to be released in 2004. (I doubt if the consumer will bother configuring these on his her or her device, but companies and their employees will.)