At the Secure Mobile conference, Dr Philip Nobles of Cranfield University talked about WLAN security, and in fact, the lack of it. Wired Equivalent Privacy (WEP) was the original security system that cames with 802.11, and for a long time it has been known to be academically broken. However, Dr Nobles said that now there are freely available tools that can practically break the encryption in real-time. As an example, he said that his own home router had given up its secrets after an attack of three minutes.

I must say I felt some relief that I had already made the switch to WPA some months back, when I traded in my reliable old Diva 2480 ADSL router for a new device with 802.11b, more powerful firewall, and WPA. Of course Dialogic are not in the broadband modem/router business any longer, so I had to choose a device from "outside". This was a wrench, since I have been using the Eicon ADSL products for perhaps 6 years, and back then I was Product Manager for a lot of the Diva ADSL products, so I had a lot of emotion invested in those products. Still, times move on, and it's only a box.

If you're still using WEP, then don't worry too much: it's estimated that 60% of the WLANs out there are not secured in any way. Dr Nobles showed some information he had collected on a train ride into London, showing that most WLANs were unsecured, and still in "factory default" state. So with some many unsecured WLANs available, why would an attacker go for a WEP-secured one?