Feeds

Broadcom simplifies Wi-Fi security set-up

Full WPA cover in two steps

  • alert
  • submit to reddit

Designing a Defense for Mobile Applications

Wi-Fi chip maker Broadcom today unveiled software that it says will make setting up secure WLANs significantly easier.

The software, dubbed SecureEZsetup, provides a simple two-step set-up wizard that configures both the access point and the PC client using the Wi-Fi Protected Access (WPA) TKIP security system.

Users setting up a WLAN for the first time are asked to provide the answers to two "easy-to-remember" questions. These answers are used to create the appropriate authentication and data encryption keys, plus the access point's unique SSID, details of which are provided to the user.

If more PC clients are added to the WLAN at a later date, the software asks for that information before configuring the client-side settings.

In order to ensure that the correct access point is configured, the wizard will only talk to access points that have been operational for less than an hour.

"We assume the user has taken the equipment straight out of the box and plugged it in," Gordon Lindsay, Broadcom European product line manager, told The Register.

He acknowledged that there was an inherent security flaw in the system - the initial wireless link between the client and the access point is by necessity unprotected - but he said Broadcom had minimised the risk of interception. "After each communication between client and access point, the two are disassociated," he said. In short, the two talk to each other literally as briefly as possible until they can re-associate permanently over a secure connection.

The system requires both access point and client adaptor contain one of Broadcom's 54g-branded 802.11g chipsets. Lindsay expects devices to ship with the software from mid-May onwards. Older kit will require a firmware update, which Broadcom has made available to its customers.

Broadcom supplies 802.11g chipsets to Linksys, Buffalo, Belkin, Motorola, Apple, Acer, Dell, HP, Gateway and others, and through its product partners claims a 77 per cent share of the US 802.11g retail market.

Since January, the Wi-Fi Alliance, the standard's interoperability and marketing body, has insisted that all WPA-certified devices ship with full security settings in place. In the past, vendors turned security off by default because of the difficulty many users had in setting up secure networks. This, in turn, helped Wi-Fi develop a reputation for being easy to penetrate. WPA certainly improves WLAN security over the older, weaker Wired Equivalent Privacy (WEP) spec, but even WPA is useless if it's not enabled. ®

Related stories

Wi-Fi Alliance preps WPA 2 security spec
Snag in next-gen Wi-Fi security unearthed
Cisco thwarts WLAN dictionary attack
Cisco Wi-Fi kit in minor security flap
Chip start-up boosts Wi-Fi rate by '10-20 times'
Atheros updates Wi-Fi speed booster tech

Securing Web Applications Made Simple and Scalable

More from The Register

next story
GoTenna: How does this 'magic' work?
An ideal product if you believe the Earth is flat
Google Nest, ARM, Samsung pull out Thread to strangle ZigBee
But there's a flaw in Google's IP-based IoT system
Orange spent weekend spamming customers with TXTs
Zero, not infinity, is the Magic Number customers want
US freemium mobile network eyes up Europe
FreedomPop touts 'free' calls, texts and data
Want to beat Verizon's slow Netflix? Get a VPN
Exec finds stream speed climbs when smuggled out
'Two-speed internet' storm turns FCC.gov into zero-speed website
Deadline for comments on net neutrality shake-up extended to Friday
NBN Co execs: No FTTN product until 2015
Faster? Not yet. Cheaper? No data
prev story

Whitepapers

Reducing security risks from open source software
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Application security programs and practises
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.