The ease of hacking a WEP network
Posted on 19 Mar 2010 at 11:37
Paul Ockenden explores the dangers of WEP or WPA security, by hacking his own network
But the really scary part is what can be done with that WEP key. I went into AirPcap’s control panel, where I was able to register the WEP key I’d found, and then I fired up a copy of the network hacker’s favourite tool, Wireshark. Because my WEP key was now registered, I was able to capture all the network traffic on my test wireless LAN in a fully decrypted form.
In real time I was able to watch packets of data, comprising emails sent and received, websites visited, web forms completed, and so on. Thanks to the injection facilities that exist in the AirPcap hardware, if I’d wanted to be really nasty I could have also joined the network, pretending to be one of its existing laptops or workstations.
With knowledge of the WEP key I could even set up a dummy access point that some network users might roam on to, and I’d then have full control over their connections. Just imagine the possibilities.
It’s possible to crack WPA, too, although it takes a little longer, because the only sensible way to do it is a brute-force dictionary trawl to find the password.
However, bear in mind that hackers have massive 100GB dictionaries available to them that don’t just contain words but also phrases, common number sequences and just about any clever password combination that you might try to think up.
So if you really must use WPA, please ensure your password is a totally random sequence of characters, including upper- and lower-case letters, numbers and punctuation marks. Anything else is just too easy to discover.
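An added example, not part of the original column: generating the kind of fully random passphrase described above and checking a candidate against that advice. The 8 to 63 printable-ASCII limit is the WPA/WPA2-Personal passphrase rule; the function names and the guess rate used in the estimate are assumptions made for illustration.

```python
import math
import secrets
import string

# WPA/WPA2-Personal passphrases are 8 to 63 printable ASCII characters.
WPA_MIN_LEN, WPA_MAX_LEN = 8, 63
CLASSES = {"lower-case": string.ascii_lowercase, "upper-case": string.ascii_uppercase,
           "digit": string.digits, "punctuation": string.punctuation}
ALPHABET = "".join(CLASSES.values())  # 94 symbols (space left out on purpose)


def check_passphrase(candidate):
    """List the ways a passphrase misses the column's advice (form only:
    this cannot tell whether the characters were chosen at random)."""
    problems = []
    if not WPA_MIN_LEN <= len(candidate) <= WPA_MAX_LEN:
        problems.append("length outside 8-63")
    if any(not 32 <= ord(ch) <= 126 for ch in candidate):
        problems.append("character outside printable ASCII")
    for name, chars in CLASSES.items():
        if not any(ch in chars for ch in candidate):
            problems.append(f"no {name} character")
    return problems


def generate_passphrase(length=24):
    """Draw each character uniformly from the OS CSPRNG; re-draw the rare
    result that lacks one of the four character classes."""
    if not WPA_MIN_LEN <= length <= WPA_MAX_LEN:
        raise ValueError("WPA passphrases must be 8 to 63 characters long")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not check_passphrase(candidate):
            return candidate


def entropy_bits(length):
    """Upper bound on entropy for `length` uniformly random characters."""
    return length * math.log2(len(ALPHABET))


def years_to_exhaust(bits, guesses_per_second):
    """Years to try every candidate at an assumed, constant guess rate."""
    return 2 ** bits / guesses_per_second / (365.25 * 24 * 3600)


if __name__ == "__main__":
    print(generate_passphrase())
    for n in (8, 16, 24):  # 1e9 guesses/s is an assumed figure, not a benchmark
        print(n, f"{entropy_bits(n):.0f} bits", f"{years_to_exhaust(entropy_bits(n), 1e9):.3g} years")
```

The entropy figure only applies to passphrases produced by the generator; a human-chosen phrase that passes `check_passphrase` can still sit in a dictionary.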
I must admit that I had some qualms about writing this column, and even emailed editor Tim Danton to check that he was happy for me to publish details about how easy it is to crack Wi-Fi security. But we both came to the same conclusion:
a) All this info is available on the web, if you know where to look for it; and b) It’s only by showing you how easy it is to crack your Wi-Fi wide open, and what damage could be done thereby, that you’ll realise that WPA2 really is the minimum security standard that you should allow anywhere near your wireless network.
WPA or WPA2 ?
How do I tell what I have when the connection software labels it 'WPA and WPA2 Personal'? On the router I can see I have only 'WPA-PSK' with 'TKIP' encryption. I think a bit more detail is needed to know if the connection is safe.
By pictonic on 20 Mar 2010
Aircrack......
It may take longer than minutes, but Aircrack for linux is free. I tried it out as a 'project' and it, er, works.
By Waderider on 20 Mar 2010
pictonic
I think that is just plain WPA, do you have AES as an option instead of TKIP encryption?
For some reason I can't access the second page of the article...is it just me?
By stokegabriel on 23 Mar 2010
The WEP cracking has been known for at least the last 5 years and I do not find "brute force attack" an indication of substantial weakness in WPA. You could say the same about any other password protected system such as ssh, domain passwords, etc. http://docs.alkaloid.net/index.php/Cracking_WEP_and_WPA_Wireless_Networks
By pkubecka on 24 Mar 2010
I agree with pkubecka......
......lumping WPA in any form in with WEP is unfair. Cracking WEP can be done as easy as, WPA takes effort and an element of luck.
By Waderider on 25 Mar 2010
I'm not made of money....
"if I suggest you chuck out these devices you’ll resist and tell me that WEP is secure enough as it can keep most people out."
No, I'll resist and tell you that throwing out a perfectly useable laptop that cost £900 when new and a PSP that was over a £100 is not something I could afford to do. Neither of these devices will connect with anything other than WEP. Maybe someone could suggest a modem/router that will allow more than one type of encryption so older devices can still connect while my newer gear can use WPA2.
By blueleader01 on 31 Mar 2010
Wireless security
Blueleader, you can probably improve your wireless security by restricting access to your router by MAC address. Give it a google.
By Waderider on 2 Apr 2010
hidden
I suspected someone was helping themselves to my broadband but could not prove it. I have now hidden my SSID and set up a wireless access list. Then one holiday Monday last year a message popped up asking to join my network; I took the plug out of the router and he/she went away. I have tried to get WPA to work but it failed. Hiding the SSID is probably the best option for people; my niece came in with her iPod and did not find my network, and was very close to the router.
By IMACOMPUTERBUDD1 on 8 Apr 2010
Restricting by MAC Address. . .
Restricting MAC address is no barrier at all to sniffing, only to connecting. WEP is fundamentally flawed, and should only be used if you don't care about your security (or are using another layer of encryption).
By simnfs on 18 Apr 2010
Homeplug, anyone?
I dumped WEP when I discovered that even I could work out how to crack it. Since then, I've been using a couple of homeplugs to route my internet traffic, and what's not broadcast can't be hacked.
By pike_by_nature on 22 Apr 2010
pike_by_nature - A lot of radio amateurs would argue strongly with you on your assertion that Homeplug isn't broadcast. In fact, many of them claim that Homeplug is killing their hobby. I wrote about this a few months back, so you'll probably find it if you do a search.
By PaulOckenden on 22 Apr 2010
Paul - I remember reading the article (but searching didn't find it) - it must have been after your article in June last year when you suggested Homeplug as a real alternative to wireless ;-)
To be fair; I haven't heard that my homeplug broadcasts anything useable; as it were. I don't doubt it's doing something (though I'm not too sure what is in my plug that isn't in other electrical appliances that aren't interfering with anyone) but it's not providing my bank passwords to anyone.
By pike_by_nature on 22 Apr 2010

