Interview with Jon Edney, author of "Real 802.11 Security"
by Mirko Zorz - Thursday, 18 December 2003.
Well, far be it from me to suggest that the media exaggerate things! These attacks are real and go on everyday. But I have to say I've never seen anyone walking round my district with a laptop and a piece of chalk. For me, the novelty of war driving could wear off pretty quick. These days there are so many Wi-Fi networks out there, and so many of them are unprotected, you probably don't need to drive anywhere. Chances are your neighbors are already open for business! This is the problem we need to address.

What are your predictions for the future when it comes to wireless security? There has been a lot of talk about the insecurities of the Wi-Fi Protected Access (WPA) security standard.

I have a lot of confidence in WPA. There has been press recently about a potential dictionary attack under some conditions. In essence this says that if you choose a bad password (or key) to protect your system you may be vulnerable to dictionary attack. So what's new? The same applied to security systems the world over. If you choose a password like "Redskins" then a dictionary attack is bound to find your password. You can foil dictionary attacks by limiting the number of tries an attacker can make but at the end of the day the solution is pick good passwords! I'm not aware that there is any unexpected security weakness in WPA and is has been reviewed by the world's best. I think the issue has been sensationalized.

The future? Well I think we need to work towards a generic security model across all network systems. The problem up to now is the security has been developed in islands. This is partly due to the separation of the IETF and IEEE organizations. There is a big feeling with everyone that all the standards need to hang together as a whole to ensure effective and security deployment.

What are your future plans? Any exciting new projects?

Keep an eye on the work of task group 'e' - quality of service. It's a long time coming but could do some interesting things. My company consults on a range of IEEE802.11 related areas - check out


MagSpoof: A device that spoofs credit cards, disables chip-and-PIN protection

The device can wirelessly spoof credit cards/magstripes, disable chip-and-PIN protection, and predict the credit card number and expiration date of Amex cards after they have reported stolen or lost.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Thu, Nov 26th