The ease of hacking a WEP network
Posted on 19 Mar 2010 at 11:37
Paul Ockenden explores the dangers of WEP or WPA security, by hacking his own network
Whenever I write about Wi-Fi I always try to include a few lines encouraging you to set up your networks with WPA2 security, and I know that several of my fellow columnists have said exactly the same thing.
But as I travel around the country, I still see countless wireless networks with WEP or WPA (without the 2) level security. I know why some of you do this; you have legacy laptops or other mobile devices, whose drivers only support WEP security, but I also know (because I’ve had this conversation by email with several readers) that if I suggest you chuck out these devices you’ll resist and tell me that WEP is secure enough as it can keep most people out.
Well, perhaps I can shock you into changing your mind. You probably believe that if someone breaks into your wireless network the worst they can do is use your connection for some dodgy downloads, but what you may not realise is that once a hacker has your WEP key, they can also see all your network traffic.
They can see your usernames, passwords, bank balances, and perhaps even a list of those “special” websites you visit when you’re home alone.
To demonstrate how this works, I’m going to use a MetaGeek product (no, I’m not on its payroll, just a satisfied customer) called AirPcap Tx, which is short for Air Packet Capture.
Like the Wi-Spy devices this is a USB2 dongle, but this one is designed to capture all Wi-Fi traffic on a particular channel: not only traffic addressed to a particular client but everything, and not just data frames.
AirPcap Tx captures control and management frames, too. It enables you to inject data and control frames back into an existing Wi-Fi connection, which makes it a pretty scary tool that could easily be abused.
It’s also readily purchasable by mail order, so it’s important that you should know what a neighbour could do if they had one. With an AirPcap Tx plugged into my laptop and a copy of some software called Cain & Abel, I was easily able to discover the WEP key that I’d set up for a test network.
I simply captured a few hours’ worth of network activity from the WEP-enabled network, then clicked an option to analyse the results, and in a few seconds it returned the details of my WEP key. If this had been an office environment rather than my own test setup, I’d have been able to perform the same crack with just a few minutes of data.
WPA or WPA2 ?
How do I tell what I have when the connection software labels it 'WPA and WPA2 Personal'? On the router I can see I have only 'WPA-PSK' with 'TKIP' encryption. I think a bit more detail is needed to know if the connection is safe.
By pictonic on 20 Mar 2010
Aircrack......
It may take longer than minutes, but Aircrack for Linux is free. I tried it out as a 'project' and it, er, works.
By Waderider on 20 Mar 2010
pictonic
I think that is just plain WPA, do you have AES as an option instead of TKIP encryption?
For some reason I can't access the second page of the article...is it just me?
By stokegabriel on 23 Mar 2010
WEP cracking has been known for at least the last 5 years and I do not find "brute force attack" an indication of substantial weakness in WPA. You could say the same about any other password protected system such as ssh, domain passwords, etc. http://docs.alkaloid.net/index.php/Cracking_WEP_and_WPA_Wireless_Networks
By pkubecka on 24 Mar 2010
I agree with pkubecka......
......lumping WPA in any form in with WEP is unfair. Cracking WEP can be done as easy as, WPA takes effort and an element of luck.
By Waderider on 25 Mar 2010
I'm not made of money....
"if I suggest you chuck out these devices you’ll resist and tell me that WEP is secure enough as it can keep most people out."
No, I'll resist and tell you that throwing out a perfectly useable laptop that cost £900 when new and a PSP that was over a £100 is not something I could afford to do. Neither of these devices will connect with anything other than WEP. Maybe someone could suggest a modem/router that will allow more than one type of encryption so older devices can still connect while my newer gear can use WPA2.
By blueleader01 on 31 Mar 2010
Wireless security
Blueleader, you can probably improve your wireless security by restricting access to your router by MAC address. Give it a google.
By Waderider on 2 Apr 2010
hidden
I suspected someone was helping themselves to my broadband but could not prove it. I have now hidden my SSID and set up a wireless access list. Then one holiday Monday last year a message popped up asking to join my network; I took the plug out of the router and he/she went away. I have tried to get WPA to work but it failed. Hiding the SSID is probably the best option for people; my niece came in with her iPod and did not find my network and was very close to the router.
By IMACOMPUTERBUDD1 on 8 Apr 2010
Restricting by MAC Address. . .
Restricting MAC address is no barrier at all to sniffing, only to connecting. WEP is fundamentally flawed, and should only be used if you don't care about your security (or are using another layer of encryption)
By simnfs on 18 Apr 2010
Homeplug, anyone?
I dumped WEP when I discovered that even I could work out how to crack it. Since then, I've been using a couple of homeplugs to route my internet traffic, and what's not broadcast can't be hacked.
By pike_by_nature on 22 Apr 2010
pike_by_nature - A lot of radio amateurs would argue strongly with you on your assertion that Homeplug isn't broadcast. In fact, many of them claim that Homeplug is killing their hobby. I wrote about this a few months back, so you'll probably find it if you do a search.
By PaulOckenden on 22 Apr 2010
Paul - I remember reading the article (but searching didn't find it) - it must have been after your article in June last year when you suggested Homeplug as a real alternative to wireless ;-)
To be fair; I haven't heard that my homeplug broadcasts anything useable; as it were. I don't doubt it's doing something (though I'm not too sure what is in my plug that isn't in other electrical appliances that aren't interfering with anyone) but it's not providing my bank passwords to anyone.
By pike_by_nature on 22 Apr 2010

