The discussions about how insecure WEP is have been going on for a while. I introduced a number of you to these WEP security (or insecurity) analyses, one by the University of Berkeley, and another by the University of Maryland, almost a year ago. Those were academic publications, and a bit heavy on theory.
Also, there was AirCrack, a WEP Key Cracking tool, provided generously to the Internet community. The instructions for AirCrack I could master, with slight difficulty.
In December 2004, and then March 2005, SecurityFocus published WEP: Dead Again, Part 1 followed by WEP: Dead Again, Part 2. These two articles outlined how WEP could be cracked, with some skill required.
And in March 2005, George Ou published Hack most wireless LANs in minutes!.
The sad state of wireless LAN security is that the majority of corporations and hospitals still use dynamic per-user, per-session WEP keys while the majority of retail outlets that I’ve seen still use a single, fixed WEP key.
In May 2005, TomsHardware, a well-known computer enthusiasts' web magazine, published a pair of articles, which some called WEP Cracking For Dummies, that suggested:
After reading these two articles, you should be able to break WEP keys in a matter of minutes.
Part 1: Setup & Network Recon, was published in early May, and Part 2: Performing the Crack, a week or so later.
Maybe a month after WEP Cracking For Dummies, we now have WEP Cracking For Dummies: The Video, where you can watch an entire WEP crack being done before your very eyes.
The cracking process, shown in the 5-minute video, uses 3 components of the Auditor Security Collection, available online.
- Airodump to sniff packets, and get the MAC address of an unprotected Wireless Access Point.
- Aireplay to choose, and inject, packets back to the target, yielding the IVs when the right packets are injected.
- Aircrack to take the IVs generated by Aireplay, and compute the key.
If made part of a bootable CD-ROM, you can run Auditor from your laptop without doing any system work - just boot from CD.
To describe the situation in plain terms, your typical script kiddie wardriver would have been found, last year, shopping at Fry's Electronics. This year, at Walmart, or maybe ToysRUs.
If you're still protecting your wireless LAN with WEP, it's time to move up. This week, if not sooner. But when you set up WPA, use a strong passphrase, or a complex and random sequence of characters.