Wednesday, April 4th 2007

WEP Encryption Completely Broken

WEP (Wired Equivalent Privacy), the technology used to secure many wireless networks around the world, has been demonstrated to be extremely insecure in new research by a team of cryptographic researchers at the University of Darmstadt in Germany. Using information collected by previous studies that demonstrated correlations in the encryption used by WEP, the team found that they could recover a 104-bit WEP key 50% of the time using just 40,000 captured packets, increasing to a 95% success rate with 85,000 packets. To put it into perspective, 40,000 packets can be captured in under a minute, and a 1.7GHz Pentium M can then work out the WEP key in about three seconds. WEP has been known to have security flaws since 2001, but this latest research demonstrates how weak the technology has become in recent years – if your hardware supports WPA or WPA2 it is highly recommended that you shift to that if you are worried about keeping hackers out of your wireless network.

Source: University of Darmstadt via The Inquirer

28 Comments on WEP Encryption Completely Broken

#2
Mussels
Moderprator
I could use whatever tools they cracked the wireless with... got a lot of people I know who don't believe me that it's crackable, and need someone to do it in front of them before they'll go wired :(
Posted on Reply
#3
Jimmy 2004
Mussels said:
I could use whatever tools they cracked the wireless with... got a lot of people I know who don't believe me that it's crackable, and need someone to do it in front of them before they'll go wired :(
I use WPA2 AES/PSK on my wireless network (with a secure key - over 20 characters, a mix of numbers, letters and symbols) as well as MAC address filtering (yes, I know that can easily be bypassed but it's an extra layer of protection) so my wireless is as secure as I can make it myself. I'm sure someone out there could hack it, but it would probably need more effort than it's worth. I have nothing special to hide, and there are about three WEP wireless networks I can pick up as well as one totally unsecured one - which my adaptor connects to when I update the drivers :laugh:

I used WEP until a few months back, and the only reason I didn't use WPA then is because I was bridging two wireless routers. I would hide my SSID but some laptops that use the LAN can't connect then...
Posted on Reply
#4
Zalmann
Using MAC address filtering (through my wireless router's firewall) is the best way that I use to keep people off my wireless LAN, along with hiding my SSID.
Posted on Reply
#5
regan1985
Yeh, hiding your SSID is what most people don't do!!! If people can't see your network then it doesn't matter if they know your password
Posted on Reply
#6
Jimmy 2004
regan1985 said:
Yeh, hiding your SSID is what most people don't do!!! If people can't see your network then it doesn't matter if they know your password
But you've got to remember that certain hacks will let people see it (after all, your network adaptor must know it's there to connect) and MAC addresses can be cloned very easily.
Posted on Reply
#7
Zalmann
Well, I guess you must be unlucky to have your network hacked, as most everyday hackers aren't that sophisticated. As long as you've taken as many precautions as possible, then you should be right.
Posted on Reply
#8
kakazza
a) MAC filter is useless, I would just throw your client off the WLAN and connect with mine with a spoofed MAC address

b) Hiding SSID is useless. Do you really think antennas then don't capture packets flying around? They do, I don't even have to send a packet, I just passively sniff whatever comes in my way. Disabling SSID broadcasting only disables the response if a client asks around "hey, any APs there?". So anyone who wants to WILL SEE your WLAN, it will take no time at all.

b1) Disabling SSID broadcasting is annoying. People who do not know much about WLANs will see *nothing* and thus just use whatever channel they want. But what if one or even many other APs in the area (yeh, the APs of cool *secure* people) use the same channel? It may or most certainly will interfere with your WLAN if they are close enough.

Oh and c)
Anyone who can read can crack WEP, honestly... It IS that easy.

regan1985 said:
Yeh, hiding your SSID is what most people don't do!!! If people can't see your network then it doesn't matter if they know your password
I almost fell off my chair when I read that, lol
Posted on Reply
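The two points above (the capability and security elements of a network are visible in its management frames whether or not it broadcasts its name, and a WEP network is identifiable as such) can be checked from captured frames rather than argued about. The following is an added example, not code from this thread or from any tool the posters mention, and it doubles as the audit a network owner would run after reading the news item: it parses the fixed fields and information elements of constructed 802.11 beacon and probe response bodies (MAC header already stripped, which is an assumption of this example), classifies each network as Open, WEP, WPA or WPA2 from the capability privacy bit, the RSN element (tag 48) and the WPA vendor element (tag 221, OUI 00:50:F2 type 1), and shows that an AP with SSID broadcasting disabled only blanks the SSID in its beacons while its probe response still carries the name. The frame bodies, SSIDs and function names (`classify_mgmt_body`, `audit`) are constructed for this example.

```python
import struct

PRIVACY = 0x0010                          # capability-info bit 4: WEP/WPA/WPA2 in use
IE_SSID, IE_RSN, IE_VENDOR = 0, 48, 221   # element IDs: SSID, RSN (WPA2), vendor-specific
WPA_OUI_TYPE = bytes.fromhex("0050f201")  # Microsoft OUI + type 1 = WPA (pre-RSN) element
FIXED = struct.Struct("<QHH")             # timestamp, beacon interval, capability info


def ie(tag: int, body: bytes) -> bytes:
    """Encode one information element: tag, length, body."""
    return bytes([tag, len(body)]) + body


def mgmt_body(privacy: bool, ies: list) -> bytes:
    """Build a constructed beacon / probe response body (fixed fields + elements)."""
    cap = 0x0001 | (PRIVACY if privacy else 0)   # ESS bit plus optional privacy bit
    return FIXED.pack(0, 100, cap) + b"".join(ies)


def parse_ies(data: bytes) -> list:
    """Walk the tag/length/body element list; stop on a truncated element."""
    out, off = [], 0
    while off + 2 <= len(data):
        tag, ln = data[off], data[off + 1]
        body = data[off + 2: off + 2 + ln]
        if len(body) < ln:
            break
        out.append((tag, body))
        off += 2 + ln
    return out


def classify_mgmt_body(body: bytes) -> dict:
    """Return the SSID, whether it is blanked, and the security type advertised."""
    _, _, cap = FIXED.unpack_from(body, 0)
    ies = parse_ies(body[FIXED.size:])
    ssid = next((b for t, b in ies if t == IE_SSID), b"")
    has_rsn = any(t == IE_RSN for t, _ in ies)
    has_wpa = any(t == IE_VENDOR and b.startswith(WPA_OUI_TYPE) for t, b in ies)
    if has_rsn:
        security = "WPA2"
    elif has_wpa:
        security = "WPA"
    elif cap & PRIVACY:       # privacy bit set but no RSN/WPA element: plain WEP
        security = "WEP"
    else:
        security = "Open"
    return {"ssid": ssid.decode("utf-8", "replace"),
            "hidden": ssid.strip(b"\x00") == b"",   # empty or all-null SSID = broadcast off
            "security": security}


def audit(frames: list) -> list:
    """Names of networks still advertising WEP, i.e. the ones to migrate to WPA2."""
    return [classify_mgmt_body(body)["ssid"]
            for _, body in frames if classify_mgmt_body(body)["security"] == "WEP"]


# Constructed sample frames. RSN: version 1, group CCMP, pairwise CCMP, AKM PSK.
RSN_PSK_CCMP = bytes.fromhex("0100" "000fac04" "0100" "000fac04" "0100" "000fac02" "0000")
# WPA vendor element: OUI/type, version 1, multicast TKIP, unicast TKIP, AKM PSK.
WPA_PSK_TKIP = WPA_OUI_TYPE + bytes.fromhex("0100" "0050f202" "0100" "0050f202" "0100" "0050f202")

FRAMES = [
    ("beacon", mgmt_body(True, [ie(IE_SSID, b"HOME-WEP"), ie(1, bytes.fromhex("82848b96"))])),
    ("beacon", mgmt_body(True, [ie(IE_SSID, b""), ie(IE_RSN, RSN_PSK_CCMP)])),      # broadcast off
    ("probe_resp", mgmt_body(True, [ie(IE_SSID, b"OfficeNet"), ie(IE_RSN, RSN_PSK_CCMP)])),
    ("beacon", mgmt_body(True, [ie(IE_SSID, b"Cafe"), ie(IE_VENDOR, WPA_PSK_TKIP)])),
    ("beacon", mgmt_body(False, [ie(IE_SSID, b"FreeWifi")])),
]

if __name__ == "__main__":
    for kind, body in FRAMES:
        print(kind, classify_mgmt_body(body))
    print("still on WEP:", audit(FRAMES))
```

The second and third frames are the hidden-SSID case: the beacon carries a zero-length SSID element, but the probe response the AP sends to any station that asks for it carries the real name, so a passive capture of ordinary client activity recovers it. Only the first network is flagged by `audit`, and that flag, not the presence or absence of an SSID, is the finding that matters after this news.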
#9
watts289
I use 64-bit WEP encryption but it's OK since no one in my town barely even knows how to turn a computer on.
Posted on Reply
#10
Mussels
Moderprator
One of my friends runs without any encryption at all... then again, she has a 200m long driveway, and it's about 800m to the nearest neighbour :P damned country folk.
Posted on Reply
#11
Wile E
Power User
I keep my wireless off, unless a friend brings over a lappy. My rigs are wired.
Posted on Reply
#12
Zalmann
kakazza said:
a) MAC filter is useless, I would just throw your client off the WLAN and connect with mine with a spoofed MAC address

b) Hiding SSID is useless. Do you really think antennas then don't capture packets flying around? They do, I don't even have to send a packet, I just passively sniff whatever comes in my way. Disabling SSID broadcasting only disables the response if a client asks around "hey, any APs there?". So anyone who wants to WILL SEE your WLAN, it will take no time at all.

b1) Disabling SSID broadcasting is annoying. People who do not know much about WLANs will see *nothing* and thus just use whatever channel they want. But what if one or even many other APs in the area (yeh, the APs of cool *secure* people) use the same channel? It may or most certainly will interfere with your WLAN if they are close enough.

Oh and c)
Anyone who can read can crack WEP, honestly... It IS that easy.

I almost fell off my chair when I read that, lol
Well, not everyone is a brainwave like yourself mate. Most people can barely use MS Word effectively.
Posted on Reply
#13
kakazza
Well, those people are HOPEFULLY not the ones securing WLANs
Posted on Reply
#14
overcast
Zalmann said:
Well, not everyone is a brainwave like yourself mate. Most people can barely use MS Word effectively.
Yeh and those people aren't going to be responsible for protecting anything valuable.
Posted on Reply
#15
WarEagleAU
Bird of Prey
Oh crap, hide the illegal downloads!!! ::ROFL::
Posted on Reply
#16
Ben Clarke
And security flaws are exactly why I don't use encryption.

I know, I'm stupid. And proud to be.
Posted on Reply
#17
regan1985
I have googled around to see if there is a program around that you can just download and then use to try and break into people's networks but I haven't found one yet, the only other way I can see is to do a lot of reading which is a lot of work to see if I can break into my own network lol
Posted on Reply
#18
overcast
regan1985 said:
I have googled around to see if there is a program around that you can just download and then use to try and break into people's networks but I haven't found one yet, the only other way I can see is to do a lot of reading which is a lot of work to see if I can break into my own network lol
Are you kidding, airsnort has been around since the early days of wireless. Hello wardriving/chalking?
Posted on Reply
#19
ktr
Those are Linux based, and Linux has horrible support for wifi. From airsnort's site, only a select few cards work (monitoring mode). Also the cards they stated are no longer made. In addition, that project hasn't been updated for about 2 years, tough luck getting your card to work with it. And in more addition, these programs are "B" only, so force your router to "g" only and you are OK...

Look for knoppix-std v0.1, http://s-t-d.org/... this is the only few that can do the job.

MAC filters are not crap. If you don't know which addresses are programmed into the router, how in hell are you gonna spoof?

Also, has anybody sniffed packets out? It's not a 1-2 min thing... it can take a couple of hours to days... and to get a clean crack, a good whole week or so.

If you can read, you can WEP crack, eh? Why don't you type a nice doc on how to do so. For cracking WEP has been such an old thing, I have yet to see a proper setup that can do the job without a hitch. Plus some peeps can have 4 WEP keys that rotate? Start capturing packets, then switch... all that you captured is waste.
Posted on Reply
#20
overcast
Airsnort is definitely available for windows, if you can't find anything on Google, I can't help you.
Posted on Reply
#21
Darkrealms
LoL, I have this router and these switches and... uh, something called an RJ45 crimper ;p

I do enjoy the networks everywhere I go that do give my laptop access.
I was surprised about a month ago I downloaded a trial for a MAC sniffer. It gave me every MAC, IP, and comp name on the network. And when done gave me the pleasant option of setting my MAC to what I wanted. All for FREE
Posted on Reply
#22
kakazza
ktr said:
Those are Linux based, and Linux has horrible support for wifi. From airsnort's site, only a select few cards work (monitoring mode). Also the cards they stated are no longer made. In addition, that project hasn't been updated for about 2 years, tough luck getting your card to work with it. And in more addition, these programs are "B" only, so force your router to "g" only and you are OK...

Look for knoppix-std v0.1, http://s-t-d.org/... this is the only few that can do the job.

MAC filters are not crap. If you don't know which addresses are programmed into the router, how in hell are you gonna spoof?

Also, has anybody sniffed packets out? It's not a 1-2 min thing... it can take a couple of hours to days... and to get a clean crack, a good whole week or so.

If you can read, you can WEP crack, eh? Why don't you type a nice doc on how to do so. For cracking WEP has been such an old thing, I have yet to see a proper setup that can do the job without a hitch. Plus some peeps can have 4 WEP keys that rotate? Start capturing packets, then switch... all that you captured is waste.
a) Linux has good wifi support, my $20 USB wifi can inject and monitor at the same time.

b) Yes, MAC spoofing requires a client which is connected to the AP so you can use that MAC address. Either wait until it disconnects, or just throw it off the network and connect yourself ;)

c) Let's see... passively capturing takes long, yes, thus we actively *capture* by creating the needed traffic. And with that new attack you need even fewer IVs, not 500,000-1,000,000 but less than 100,000.
I saw WEP being broken in less than 2 minutes with that new attack :)

d) Uh, google, that's what I did.
Posted on Reply
#23
Mussels
Moderprator
ktr said:
Those are Linux based, and Linux has horrible support for wifi. From airsnort's site, only a select few cards work (monitoring mode). Also the cards they stated are no longer made. In addition, that project hasn't been updated for about 2 years, tough luck getting your card to work with it. And in more addition, these programs are "B" only, so force your router to "g" only and you are OK...

Look for knoppix-std v0.1, http://s-t-d.org/... this is the only few that can do the job.

MAC filters are not crap. If you don't know which addresses are programmed into the router, how in hell are you gonna spoof?

Also, has anybody sniffed packets out? It's not a 1-2 min thing... it can take a couple of hours to days... and to get a clean crack, a good whole week or so.

If you can read, you can WEP crack, eh? Why don't you type a nice doc on how to do so. For cracking WEP has been such an old thing, I have yet to see a proper setup that can do the job without a hitch. Plus some peeps can have 4 WEP keys that rotate? Start capturing packets, then switch... all that you captured is waste.
Aircrack/snort has indeed been updated recently... oh, and for Windows too - I just hacked my own wireless network with a Pentium 3 laptop running Windows XP with my 55Mb Netgear PCMCIA wireless card. Just wanted to see how easy it was.

The programs are NOT 802.11b only - I have NO idea where you got that from.

Look up aircrack, it comes with all the other programs needed, and everything works fine under Windows assuming you can get the right drivers for your card.
Posted on Reply
#24
Easy Rhino
Linux Advocate
I'm no expert but I'm pretty sure WEP has been known to be insecure for a couple of years now.

And for the record, hiding your SSID won't really protect you. As long as you are broadcasting some sort of signal someone somewhere can access it with the right tools. Now granted, the easiest way to avoid having your internets stolen is to hide SSID and to have a complicated access code which changes every month and to use WPA, although that isn't completely secure either. The point is to make it as hard as possible so the potential hacker will try an easier target. Even for an experienced hacker it will take several hours to capture enough packets from your signal to put together some sort of key and then several days to actually crack that information into an access code.

Some stuff I use with FreeBSD are aircrack-2.41, bsd-airtools-0.3, kismet-2007, and wistumbler2
Posted on Reply
#25
tigger
I'm the only one
I use a MAC access list on my router, no WEP or nothing. If the person's MAC addy ain't on my router's list.......goodbye.
Posted on Reply