SOURCE: AirTight Networks

October 21, 2007 20:00 ET

Caffe Latte Vulnerability Discovered by AirTight: Underscores Urgent Need for Wireless Road Warriors to Adopt Best Practices

SAN DIEGO, CA--(Marketwire - October 21, 2007) -

--  Dangerous New WEP Vulnerability Demonstrated at TOORCON9
--  AirTight Offers Best Practices Checklist for Wi-Fi Users to Protect
    Laptop Data and Corporate Networks

At the TOORCON9 conference today, AirTight® security researchers, Vivek Ramachandran and Md Sohail Ahmad, revealed the discovery of the Caffe Latte vulnerability, a which shows that it is possible to crack WEP keys without an AP in the time it takes to have a cup of coffee -- hence the name Caffe Latte. AirTight Networks is the leading provider of wireless intrusion prevention solutions.

In the last few years, much has been published about the risks users face when they fire up a laptop while outside of their trusted network environment. In light of this, AirTight is providing a checklist of must-do best practices if road warriors are to protect the data on their laptop as well as the corporate networks to which they connect.

"The myth has been that to crack WEP, the attacker needs to be in the RF vicinity of the authorized network with at least one functional AP up and running," said Ramachandran. "With this attack, one of several vulnerabilities recently discovered by AirTight researchers, we have found that it is possible to retrieve the WEP key from an isolated client -- the client can be on the moon! -- using a new technique called 'AP-less WEP Cracking.' The ramifications of this are quite startling. Indeed, the multitudes of organizations which have not yet upgraded from WEP to WPA or WPA2, especially those who need to comply with PCI regulations, now know this risk exists and that their WEP keys can be cracked even while one of their employees is taking a quick coffee break far from the RF signal of the office."

The discovery also has a great impact on the way Honey-pots work today and takes them to the next level of sophistication.

"While the real solution to mitigating risks from emerging threats such as this lies in upgrading your infrastructure to WPA or WPA2, there are simple best practices that mobile users can employ to help keep them safe not only from this attack but also from other common hacking attacks," said Jatin Parekh, director of product management at AirTight.

Best Practices Checklist

 1.  Remove undesirable wireless networks from your wireless network
     connection profile
 2.  Remove any peer-to-peer network from your wireless network connection
 3.  Connect only to trusted networks which are known to you
 4.  Disconnect immediately if you accidentally connect to an unknown
 5.  Turn off your wireless card when you do not need to be connected over
 6.  Use a VPN client when connecting over insecure public Wi-Fi hotspots
 7.  When a VPN client is not available, use a secure Web browser (SSL)
 8.  Avoid accessing confidential, sensitive or valuable information over
     unencrypted connections
 9.  Upgrade your Wireless software regularly. Always keep your laptop's
     wireless drivers updated to the latest version
10.  Review points 1 - 9 every time you are connecting wirelessly

"In a fast-paced, mobile environment, users are not always as vigilant as they should be about following best practices for Wi-Fi use," continued Parekh. "The most effective way to ensure wireless safety is by using an end point tool which can act on behalf of the user and apply best practices automatically -- and these tools are available today including a free downloadable wireless connection manager agent from AirTight -- SpectraGuard SAFE Personal Edition."

About SpectraGuard SAFE

SpectraGuard SAFE gives IT administrators the ability to enforce unique, location-based security policies. SpectraGuard SAFE protects laptop users from rapidly proliferating wireless attacks such as Evil Twin, wireless phishing, ad hoc networking and more. AirTight Networks is the only company to expand beyond Wi-Fi and offer a complete wireless policy management and enforcement solution including Wi-Fi (802.11 a/b/g/pre-n), Bluetooth, GSM, EvDO, CDMA, and infrared interfaces.

The current release of Airtight's end point solution, SpectraGuard SAFE 2.2, already contains powerful features which protect against a Caffe Latte attack and the next release of SpectraGuard SAFE goes even further to protect users by creating a unique profile for 'trusted zones' such as the office or the home. SAFE 2.5 automatically detects when the user leaves the office or home environment and automatically prevents the client from connecting to any foreign device in the new environment. This automatic profile switching mechanism completely prevents a hacker from connecting to a user's laptop and compromising its security.

SAFE allows administrators to manage devices remotely and gives road warriors a simple automated way to configure their devices to greatly reduce the window of risk. These new techniques are part of AirTight's continuing leadership in identifying emerging threats and placing priority on developing products to derail those threats.

To learn more about SpectraGuard SAFE, visit

How Caffe Latte Attacks Work

The hacker using a Caffe Latte attack tricks the user's laptop into believing it is connected to its office or home network, even though it is miles away. The hacker then gets the client to generate enough data traffic in order for the hacker to grab the WEP key of the office or home network.

At its core, the attack uses various behavioral characteristics of the Windows Wireless stack along with already known flaws in WEP to pull off this feat. Depending upon the network configuration of the authorized network it is possible to recover the WEP key from an isolated client within a time slot ranging between just a few minutes to a couple of hours. This technique can easily be used to perform similar attacks for other operating systems. For more information about the Caffe Latte attack, go to:

About AirTight Networks

Founded in 2002, AirTight Networks is the leader in wireless intrusion prevention solutions (WIPS). AirTight's award-winning SpectraGuard family of WIPS products and services delivers around-the-clock wireless policy enforcement and automatic intrusion prevention against wireless security threats while monitoring wireless LAN performance to ensure maximum network uptime and capacity. The AirTight SpectraGuard solution family has achieved industry leadership based on patented technology that eliminates false alarms, blocks wireless threats immediately and automatically, and locates wireless devices and events with pinpoint precision. AirTight Networks is a privately held company based in Mountain View, CA. For more information, visit the company's Web site at

AirTight Networks, and the AirTight Networks logo are trademarks; and AirTight and SpectraGuard are registered trademarks of AirTight Networks, Inc. All other trademarks are the property of their respective owners.

Contact Information

  • Media Contact:
    Della Lowe
    AirTight Networks
    (650) 934-8191
    Email Contact