WEP encryption fails miserably!

Discussion in 'Wireless' started by Ice Penov, Mar 1, 2006.

  1. Ice Penov

    Ice Penov Bit Poster

    Hey guys,

    you're all probably familiar with this, but I never knew the flaw in the WEP concept is so big.

    I just convinced myself using my laptop with wireless card and a little program called AirSnort.

    Some intro about AirSnort:

    This little program is a tool for both hackers and security pros (aren't they the same? I have heard that security pros are nothing more than ethical hackers!). It scans the nearby wireless networks and collects a certain amount of packets encrypted using the WEP encryption algorithm. After the necessary amount is collected (some 10 minutes, depending on the activity of the network you're attacking (err.. testing)), that program guesses the WEP key within seconds!

    These are not just claims, I have tested this and it worked! The test was simple:-

    Using my laptop with AirSnort installed, I 'snort-ed' my own home wireless network (2 desktop PCs), and after some time, it printed out my WEP key!

    For all of you security pros, this might be something you might try :

    Here's the link :
    http://airsnort.shmoo.com/

    Note: it's intended for Linux, but can be configured for Windows using some configurations described here:
    http://airsnort.shmoo.com/win_setup.html

    Also, there should be an already configured package for Windows; you should do a Google search for that, but I have not tested those.

    Any thoughts on this one ?
     
    Certifications: SCJP, SCWCD
    WIP: Security+
  2. Boycie
    Honorary Member

    Boycie Senior Beer Tester

    Interesting find. I will take a look and post back later.....
     
    Certifications: MCSA 2003, MCDST, A+, N+, CTT+, MCT
  3. d-Faktor
    Honorary Member

    d-Faktor R.I.P - gone but never forgotten.

    I usually use the auditor or std boot CDs for these kinds of ... uhm ... vulnerability tests ... :tune
     
  4. Ice Penov

    Ice Penov Bit Poster

    That auditor CD, very nice collection of useful little-big programs! Thanks for the link!
     
    Certifications: SCJP, SCWCD
    WIP: Security+
  5. hbroomhall

    hbroomhall Petabyte Poster Gold Member

    I've known about the vulnerability of WEP for ages. I keep telling people that WiFi is not intrinsically safe, and get mostly looks of disbelief!

    Many of the people I have advised have said that
    !

    :biggrin

    Harry.
     
    Certifications: ECDL A+ Network+ i-Net+
    WIP: Server+
  6. slyuen

    slyuen Byte Poster

    consider this...mobile phones and radio systems are not safe, they could be decrypted, yet most people in the world use them...

    even with a wired configuration......if the hacker is smart enough to bypass the firewall and sec protocols, it is still vulnerable to attacks and hacks....so that means nothing is 100% safe and we need to compromise.....

    there may be better encryption systems developing for wifi in the future.... so i do support the idea and i look forward 4 a more secured system...

    btw...I've seen a company that used a separated (dedicated) Firewalled Internet Line just for WiFi with WPA, so even if someone breaks in to use their WiFi it's not allowing him to join the corp lan...
     
    Certifications: ECDL,A+,Network+,CST,CNST,MCDST,MCSA
    WIP: MCSE, CIW, CCNA, CWNA, Others...
  7. Baba O'Riley

    Baba O'Riley Gigabyte Poster

    Allow me to play Devil's Advocate here.

    Who here can honestly say they are concerned about people hacking into their Wi-Fi network? I can understand companies being paranoid about it, but home users? I use WPA so (fingers crossed) I'm OK but even if I was using WEP I wouldn't be sweating it. OK, so someone might, potentially, leech your Internet connection, and, potentially, download kiddy porn, but what are the chances? What else can happen? There's certainly nothing stored on my hard drive that would upset me to find out someone else had seen. Data's backed up so a virus or even someone deleting files wouldn't be any great shakes either.

    Besides, even experienced PC users can have a hard time setting up Wi-Fi networks, so how many average people out there are going to be road-warring or whatever you call it? People with the know-how to do this are a small minority. People who do it with malicious intent are even rarer.

    I'm sure I'll get all these replies about credit card fraud, identity theft and what not, but someone can pickpocket my wallet in the street and get my credit card a hell of a lot easier.

    I reckon there's more chance of catching bird flu over the Internet than there is of someone hacking into a wireless network in my neck of the woods.
     
    Certifications: A+, Network+
    WIP: 70-270
  8. slyuen

    slyuen Byte Poster

    according to BBC News, a guy was charged £300+ plus his laptop confiscated whilst he "borrowed" his neighbour's unprotected/weakly protected WiFi.......

    I was told that there have been worries that someone who "borrows" your WiFi and browses Kiddy porn stuff/does criminal stuff, it is the responsibility of the WiFi's owner to face the charges.

    Some smart hackers deliberately set up unprotected access points to make you connect to their network, then they will connect to your computer using it.... and if your PC holds critical data, it'll get sniffed.
     
    Certifications: ECDL,A+,Network+,CST,CNST,MCDST,MCSA
    WIP: MCSE, CIW, CCNA, CWNA, Others...
  9. hbroomhall

    hbroomhall Petabyte Poster Gold Member

    The Wifi owner will be the first to be apprehended by the police. It is then up to them to show that it wasn't them but someone using their account without their knowledge or permission.

    This has actually happened already in the UK. Fortunately the police involved were sufficiently clued up to realize what was happening, and nabbed the correct people.
    So use a firewall when connected to such an AP!

    Harry.
     
    Certifications: ECDL A+ Network+ i-Net+
    WIP: Server+
  10. Baba O'Riley

    Baba O'Riley Gigabyte Poster

    Yes, but that was one guy. It is not happening to everyone, there are not wireless hackers on every street corner in the same way all our kids are not getting kidnapped by paedophiles and we are not all dying of Bird Flu/AIDS/SARS or whatever this month's disease that will wipe out mankind is. My point is, WEP is perfectly adequate for the majority of people. Someone set up a relative's laptop with a wi-fi connection which I discovered had no encryption at all. Did I panic? No, because she lives in a rural area where the next person with a wi-fi enabled PC is probably at least ten miles away. She was using that for at least six months and has had WEP enabled for another six months, not once has she had PC Plod knocking on her door asking why she's been looking at pictures of little kiddies in the nude.

    I don't know if that's true or not but I find it hard to believe it would stand up in court. If the police examined your PC and there was not one trace of any dodgy websites on your PC, I seriously doubt someone would be convicted.

    OK, then as I notice Harry has said while I was typing out this post, use a firewall! Are you going to stop using public Wi-Fi hotspots on the chance your local Starbuck's network has been compromised by the Russian Mafia?
     
    Certifications: A+, Network+
    WIP: 70-270
  11. slyuen

    slyuen Byte Poster

    agreed...firewall might be the answer...

    personally I won't refrain from connecting to any free APs available around me if I'm only interested in leisure web-browsing... I would use VPN if I had to deal with essential data over those APs :p
     
    Certifications: ECDL,A+,Network+,CST,CNST,MCDST,MCSA
    WIP: MCSE, CIW, CCNA, CWNA, Others...
  12. Boycie
    Honorary Member

    Boycie Senior Beer Tester

    Interesting thread here guys. There is definitely a lot of worry when it comes to wi-fi......
     
    Certifications: MCSA 2003, MCDST, A+, N+, CTT+, MCT
  13. Ice Penov

    Ice Penov Bit Poster

    I think you all guys missed the point.

    The point is not whether WEP is adequate or not for most people. In fact, many people who got on the wireless hype are using their default factory settings from their wireless AP/router vendor, and this includes open access, the default 192.168.1.245 address to their devices and default admin password! This is a catastrophe waiting to happen!

    The point is that WEP was claimed to be secure, that it works, and it failed miserably. That's why WPA was introduced. Now this raises another question: Why use WEP when you can use WPA? It seems a reasonable one to me.

    Another thing, Baba says :

    I can understand your frustration with Bird Flu and all that, but you don't have to be a hacker to use the program AirSnort. Any user can use that program. It has a GUI, has a scan button and has a dialog box that shows the 'victim's' WEP key. In fact, I think that these kinds of wannabe kids can cause much more damage than a typical hacker (who is not interested in your My Documents folder or similar...).

    Well, in the area where I am, the whole territory is covered with wireless signal; because of that everyone with a computer started buying wireless APs/routers to connect and use the Internet service. Right now, in this moment, with one scan I can see 14 private networks, half of them are configured for open access and the rest are using WEP! Now this changes the whole picture, right?

    BTW,
    there is a 'solution' to the firewall protection, also. It's a little, very popular program called nmap!

    See http://www.insecure.org/

    Ice
     
    Certifications: SCJP, SCWCD
    WIP: Security+
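
Added example (not part of the thread and not any poster's code): a sketch that sorts the networks from one scan, like the 14 described in the post above, into open, WEP and WPA so the ones that should move to WPA stand out. It assumes the text layout printed by `iwlist <iface> scan` from Linux wireless-tools; the sample scan, ESSIDs and addresses are constructed.

```python
import re

# Constructed sample in the layout of `iwlist <iface> scan` (wireless-tools).
SAMPLE_SCAN = '''wlan0     Scan completed :
          Cell 01 - Address: 00:11:22:33:44:01
                    ESSID:"lab-open"
                    Encryption key:off
          Cell 02 - Address: 00:11:22:33:44:02
                    ESSID:"lab-wep"
                    Encryption key:on
          Cell 03 - Address: 00:11:22:33:44:03
                    ESSID:"lab-wpa"
                    Encryption key:on
                    IE: WPA Version 1
          Cell 04 - Address: 00:11:22:33:44:04
                    ESSID:"lab-wpa2"
                    Encryption key:on
                    IE: IEEE 802.11i/WPA2 Version 1
'''

CELL_RE = re.compile(r"Cell \d+ - Address: ([0-9A-Fa-f:]{17})")

def classify(scan_text):
    """Return [(bssid, essid, protection)] with protection in open/WEP/WPA."""
    cells, cell = [], None
    for raw in scan_text.splitlines():
        line = raw.strip()
        match = CELL_RE.search(line)
        if match:
            cell = {"bssid": match.group(1), "essid": "", "key": False, "wpa": False}
            cells.append(cell)
        elif cell is None:
            continue  # header lines before the first cell
        elif line.startswith("ESSID:"):
            cell["essid"] = line[len("ESSID:"):].strip('"')
        elif line.startswith("Encryption key:"):
            cell["key"] = line.endswith(":on")
        elif line.startswith("IE:") and "WPA" in line:
            cell["wpa"] = True  # a WPA or WPA2 (RSN) information element
    def level(c):
        # Privacy bit set but no WPA/RSN element means plain WEP.
        return "open" if not c["key"] else ("WPA" if c["wpa"] else "WEP")
    return [(c["bssid"], c["essid"], level(c)) for c in cells]

def needs_upgrade(scan_text):
    """ESSIDs still on open access or WEP, i.e. candidates for moving to WPA."""
    return [essid for _, essid, prot in classify(scan_text) if prot != "WPA"]

if __name__ == "__main__":
    for row in classify(SAMPLE_SCAN):
        print(*row)
```
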
  14. Baba O'Riley

    Baba O'Riley Gigabyte Poster

    Ice, funny you should join this thread as I was thinking of you as I was writing my last post. The fact that your entire country is blanketed in a Wi-Fi signal makes, IMO, the chance of your Wi-Fi network being hacked less likely. 1. No one needs to leech an Internet connection and 2. There are likely to be so many Wi-Fi networks, the chances of a hacker choosing to hack your network is greatly reduced. What do you think?
     
    Certifications: A+, Network+
    WIP: 70-270
  15. Ice Penov

    Ice Penov Bit Poster

    Interesting...

    1. Is leeching an Internet connection considered a hack? If an attacker for some reason wants to cause damage, he can, for instance, get your WEP key (if one), view data on your box, collect info about your AP device IP address, connect to your AP utility using that IP address, and upload a corrupt firmware on your AP device, causing it to fail instantly! That can be one way of making a hack. The point I'm trying to make is that hack is a general term.

    2. Ha ha... Good one, Baba. I liked it! But let me interpret that fact like this :

    You say :
    There are likely to be so many Wi-Fi networks, the chances of a hacker choosing to hack your network is greatly reduced.

    I say :
    Cause there are many Wi-Fi networks, the chances of a hacker to easily acquire multiple targets are greatly enhanced!

    Another thing, you are comparing probability of getting SARS and getting your unprotected wireless network hacked!

    These are probabilities, but not equal ones; let me illustrate:

    Let p be the probability constant (ranging from 0.00 - 1.00). Then:

    Getting SARS p = 0.001 (low probability)
    Getting your WPA protected Wi-Fi hacked p = 0.031
    Getting your open access Wi-Fi hacked p = 0.34
    Getting your WEP protected Wi-Fi hacked p = 0.13 (NOTE: if you live in my neighborhood these parameters may slightly vary! :twisted: )

    Just joking! You're all great guys and I respect each one of you!

    OFF TOPIC: Although I respect each one of you including the English majority, cause of their national football team, they shouldn't expect easy wins against my country in the EURO 2008 qualifiers :p

    I'm out,
    Ice
     
    Certifications: SCJP, SCWCD
    WIP: Security+
