WEP key wireless cracking made easy

Gone in 60 seconds?

It's either a conspiracy committed by the Bush administration to drain our computers of processing power so he can cluster them to put the final touches on his plan to become the evil overlord of the universe OR Microsoft was the original architect...

MILES easier...

...to break into the house containing the router and with a pen, copy the WEP key off of the router/modem's barcode onto your hand, hey presto, free broadband in under 15minutes.

;)

Gone in 1800 seconds

A tip: Set up the IPs statically and leave the DHCP switced on, only ban all addresses the DHCP will provide. Couple this with WPA and MAC address filtering and it might take up to half an hour for the hacker to get in :)

Or alternatively set up the Wifi so that it only routes to your VPN server. Or better still both :-)

What do you mean that most home users don't have a VPN server?

WPA not much better

WPA with a weak passphrase (like most people use) is easily broken with a deauthentication attack to capture the 4 way handshake between AP and client, which is handily encrypted with WEP. MAC filtering, bah, ifconfig takes 2 seconds to change a mac address.

Wireless security

WPA-PSK, DHCP on, though not banned. MAC filtering is in place and I regularly take a peek at the DHCP client list to see if there's anything unusual.

Unlike most, my wireless network is only up when I'm actaully using it though, so there's a little less chance of someone trying to break in while I'm not paying attention.

Weak passphrases

"WPA with a weak passphrase (like most people use) is easily broken"

Any encryption method with a weak passphrase is easily broken. People need to be educated into using a phrase and some numbers together.

If education isn't possible, perhaps people need to be issued with physical keys of some kind that automatically assign a strong passphrase to the owner's devices.

Hasn't this been discussed before?

If anyone is sad enough to go to the effort of breaking into your wireless network at home, then you evidently have a far greater problem than bandwidth leeching. Stalking, for example, or angry ex-girlfriends perhaps. After all, what on earth do you keep (apart from those two thousand pirated MP3s and that copy of VMWare) that is so secret?

http://www.theregister.co.uk/2007/01/02/wireless_hacking/

Excellent.

"Sweet: free Internet wherever I am" is what a theoretical laptop owner might say.

Home users don't care

Most home users simply don't know, or don't care, and if they do it's not to stop professional hackers (we all know that's not possible!), it's to stop Fred from next door using your internet connection for free.

So WEP with your surname as the password probably suffices for many...

re: Hasn't this been discussed before?

I don't know why people keep thinking they have nothing on their PCs worth having so no one would want to break in. It's not about the PCs on the network. It's about the outgoing internet connection.

Wireless hot spots and corporate lans are usually strictly filtered so not as useful as a home network which usually isn't. Given access to your network they can now do things that they wouldn't want traced back to themselves.

The list includes:

Spamming

Attempting to break into other computers

Viewing child porn. (they actually caught a guy doing this in Toronto)

Any one of these will leave you in a "guilty until proven innocent" scenario as far as your ISP is concerned and may result in legal trouble as well.

Why use wireless?

Why use wireless when wired is more secure? And less hassle.

Why use wireless, he asks??

"Why use wireless when wired is more secure?"

You've obviously never had a teenage daughter sitting on the settee in the front room with her laptop, surfing the web, IM-ing her friends, doing her homework and watching telly all at the same time. She'll still try to do this even with a wired network, and after you've tripped over the trailing network connection across the room for the third time, you'll get wireless too.

Why use wireless? simple...

For people who rent, fixing up a wired network simply isn't an option (assuming you want your deposit back). Even for those that don't, setting up the wiring is non-trivial if you don't want your house to look like a workshop with wires stapled to the skirting boards. Digging channels in walls and drilling holes in floors for routing the CAT5 is not exactly the work of an afternoon - and nor is plastering over the aforesaid holes afterwards!

Physical security is the way to go

Go for the physical security option. A 500m exclusion zone patrolled by armed guards with instructions to shoot anyone seen carrying a laptop or PDA is the way to go. A 3m high solid earth bank around the house should stop those armed with directional antennas snooping from further afield.

Why not have a laugh?

Your neighbours aren't going to boost your Internet connection if it's no use to them.

Check out:

http://www.ex-parrot.com/pete/upside-down-ternet.html

The basic approach this guy takes would probably be enough, but it wouldn't take much to make it far, far more offensive.

WPA works?

I've never had any luck getting WPA to work for any OS so far, maybe it's a bad implementation, maybe it's that fact that Windows doesn't like it, maybe it's the fact that the only other OS i use (Solaris) doesn't yet support it ...

Even with the latest hack I'll still advise people to turn of WPA and use WEP.

So what, we're using 128-bit

Unless I'm mistaken the default WEP key size is 128-bit and of course every bit doubles the number of possibilities.

Let's assume for just a second that the attack is scalable and the time taken simply doubles when the number of possibilities doubles.

Starting with the premise of 1 minute for 104-bit and the fact there are 24-bits remaining between the 104-bit demonstration and the 128-bit reality that means we should double the 1 minute attack time 24 times.

This gives us a result of 8,388,608 minutes or 139,810 hours or 5825 days or nearly 16 years.

I wouldn't say 128-bit WEP is dead just yet although obviously improved attack mechanisms and faster CPU's will no doubt continue to erode it.

[)amien

104bit is 128bit.

104 bit Wep is 128bit wep. Its a 104bit key combined with a 24bit Initialisation Vector, which equals 128bit.

Also it matters little how large your key is, if the implentation of the encryption is fundamentaly flawed.

Really, who cares?

at work mayeb, but even if my neighbours COULD get in to our wireless network, what on earth would they want out of it? I guess if they have a mythtv frontend on a linux box they could steal our tv, but then we do have two tuners, so we probably wouldn't notice :)

i COULD break into a ford fiesta in two minutes, and that takes a lot less than a laptop and procesing power. A simple brick and crowbar will do that, and you can buy those anywhere.