WEP - Gone in Sixty seconds!

TOPICS: Wi-Fi

Every time I mention how WEP (Wired Equivalent Privacy) protocol used to secure wireless networks needs to die, I always get at least one comment from someone who, for one reason or another, obviously still uses WEP and wants some false hope that it's better than nothing.  Well, it isn't.  Want proof?  Here it is.

A paper by Erik Tews, Ralf-Philipp Weinmann, and Andrei Pyshkin of the Darmstadt University of Technology demonstrates how to break 104-bit WEP in less than 60 seconds (PDF link).

"We demonstrate an active attack on the WEP protocol that is able to recover a 104-bit WEP key using less than 40.000 frames with a success probability of 50%. In order to succeed in 95% of all cases, 85.000 packets are needed. The IV of these packets can be randomly chosen. This is an improvement in the number of required frames by more than an order of magnitude over the best known key-recovery attacks for WEP. On an IEEE 802.11g network, the number of frames required can be obtained by re-injection in less than a minute. The required computational effort is approximately 2^20 RC4 key setups, which on current desktop and laptop CPUs is negligible."

In my book, sixty seconds worth of protection does not classify as "better than nothing".  Unless you are in a position where you aren't using your WEP-protected WiFi connection for anything remotely important, it's time to eliminate WEP altogether.  Upgrade software drivers and firmware.  If that's not possible, buy new hardware.  If that's not an option, stop using WiFi.  Period.

I know it's painful, but it's necessary.  I've even stopped connecting my old (but still functional) iPAQs to WiFi networks because they only support WEP (I never managed to get the WPA supplicant or HP patches to work to make them WPA compatible).  It's a tough call, but where security is concerned, you can't start cutting corners, taking chances and going around offering hackers and bandwidth hijackers an attack surface like that.


Talkback

14 comments
  • Better than nothing

    [i]In my book, sixty seconds worth of protection does not classify as "better than nothing".[/i]

    Of course it's better than nothing. Without it, my neighbors might not realize that they're connecting to my line instead of their own.

    Since the 802.11 AP is on the Internet side of the DMZ, that's the most an attacker could possibly get -- and from a security standpoint, it's already on the Internet.

    [i]Unless you are in a position where you aren't using your WEP-protected WiFi connection for anything remotely important, it's time to eliminate WEP altogether.[/i]

    But that's exactly the situation -- it's strictly for access to a public network anyway, so there's no increased security exposure from using WEP. I profoundly doubt that I'm alone in having nothing critical on wireless, so WEP most certainly [b]is[/b] "better than nothing."
    Yagotta B. Kidding
    • Agreed

      Well stated. This is just alarmist. Anyone with anything worth protecting on their network is not running WEP these days.

      However, be realistic - WEP is more than enough for 80-90% of home users with wireless home networks. I couldn't point to any person in my 110 home neighborhood with the know-how (or desire) to crack a WEP network.
      spammyman
      • All YBK said

        was it was better than nothing. He didn't say it was good enough.

        And I wouldn't underestimate those people in those 110 homes, especially if you've got teenage or college aged kids who want free WiFi and their parents get it for them. Sure, it may just start out as simply wanting to use your bandwidth, but after a while they might get bored and start poking around.

        I know I'm parroting George Ou by saying this, but WPA is far easier to use and significantly more secure than WEP, so why are you using WEP?
        Michael Kelly
        • Machts nichts

          [i]And I wouldn't underestimate those people in those 110 homes, especially if you've got teenage or college aged kids who want free WiFi and their parents get it for them. Sure, it may just start out as simply wanting to use your bandwidth, but after a while they might get bored and start poking around.[/i]

          At which point, I'm at no greater risk than I am now with Internet access to the exact same network. They don't need to go through my AP, and the whole world (not just the block) has access through the Net.

          [i]I know I'm parroting George Ou by saying this, but WPA is far easier to use and significantly more secure than WEP, so why are you using WEP?[/i]

          Because it's spending money (however little) for something that doesn't get me anything that matters.
          Yagotta B. Kidding
          • Then why run any protections at all?

            [i]At which point, I'm at no greater risk than I am now with Internet access to the exact same network. They don't need to go through my AP, and the whole world (not just the block) has access through the Net.[/i]

            Then why run any protections at all? With that kind of mentality, why even lock your doors at night, since homes have lots of glass windows that can be busted and breached? How could locking anything down possibly make any difference, right? Would that be more "pragmatic" advice from the YBK household?

            WEP intrusions in under 60 seconds, with an array of less potent but highly effective sniffer and attack tools in the wild as is. Little to be concerned about since other attack vectors exist, and as some would like to profess, nothing of value on the network is exposed anyway. Ha!

            [i]Because it's spending money (however little) for something that doesn't get me anything that matters.[/i]

            A case of the blind leading themselves astray, merrily.
            klumper
          • You're starting to get the idea

            [i]Then why run any protections at all? With that kind of mentality, why even lock your doors at night, since homes have lots of glass windows that can be busted and breached? How could locking anything down possibly make any difference, right? Would that be more "pragmatic" advice from the YBK household?[/i]

            Because (as with any security measure) locked doors are enough to send "attackers" looking for less-difficult targets. Like those windows, which have the drawback of being more attention-getting than someone just walking in the door.

            As for the electronic "protections," (as I already mentioned) they keep my clueless neighbors from using my connection instead of their own. I'm not worrying about them cracking WEP because by the time they figure out that they even [b]could[/b], they've also acquired enough clueth to no longer be a concern.

            [i]WEP intrusions in under 60 seconds, with an array of less potent but highly effective sniffer and attack tools in the wild as is. Little to be concerned about since other attack vectors exist, and as some would like to profess, nothing of value on the network is exposed anyway. Ha![/i]

            And you still haven't mentioned any downside. An "attacker" gets access to my Internet connection. How big a deal is this, given the number of public access points already available?
            Yagotta B. Kidding
          • Unwise presumptions

            [i]Because (as with any security measure) locked doors are enough to send "attackers" looking for less-difficult targets.[/i]

            This presupposes every hacker, black hat and cybersnoop only looks to target unsecured open networks. Think again. If you're going to take the time to acquire and configure the WEP-busting tools needed, do you really think the cyberpunk is not going to use them on the very targets they're aimed at compromising? That's part of the fun, and that's exactly who I targeted when I "tested" them last year. I can tell you first hand they work (after enough trial and error and a modicum of patience).

            [i]An "attacker" gets access to my Internet connection. How big a deal is this .. ?[/i]

            Once you're in thru the gate, the joker's wild. The simpletons BW pimps and wardrivers are aiming for cheap payoffs (free bandwidth); the black hats are honing in for far more. At that point it comes down to how secure and hardened your network is, and the range of your transmissions. If you're running WEP, chances are likely your guard is down in more places than one. You're ripe for piggybacking in more ways than one.

            So you think it's insignificant to leave yourself wide open to the interception of your e-mails? How about the examination of your private files? How about the compromising and piggybacking of your network + internet connection to allow someone else to distribute their own communications? How about the hijacking or destruction of your personal information? You enjoy knowing anyone within range can "listen in" on your personal network? That's what you bargain for running WEP wireless, and fall within the "right" person's reach. You may not fully appreciate the value of dynamic key encryption, but those who understand its importance do. When it comes to security, corner cutting is not worth the lost peace of mind. The day a doubter discovers they're owned is often their day of awakening, but by then it's too late.

            [i]And you still haven't mentioned any downside.[/i]

            Weak (now non-existent) encryption security is the downside, like keeping unlocked doors at night. Wired Equivalency Privacy [WEP] is now a misnomer, since it no longer provides privacy. You still haven't mentioned a single WEP [i]upside[/i]. Any come to mind?
            klumper
          • Hardly unwise

            [i]>> An "attacker" gets access to my Internet connection. How big a deal is this .. ?

            Once you're in thru the gate, the joker's wild. The simpletons BW pimps and wardrivers are aiming for cheap payoffs (free bandwidth); the black hats are honing in for far more. At that point it comes down to how secure and hardened your network is, and the range of your transmissions. If you're running WEP, chances are likely your guard is down in more places than one. You're ripe for piggybacking in more ways than one.[/i]

            Please read carefully: [b]the "attacker" isn't in through the gate[/b] -- the gate is somewhere else. All he's gotten access to is the public street.

            [b]My wireless AP is not connected to the internal network except through the Internet.[/b] Attacking it gets him nothing that isn't there for free in the first place.

            [i]So you think it's insignificant to leave yourself wide open to the interception of your e-mails?[/i]

            E-mails are postcards, and the overwhelming majority go straight to /dev/null. If some "attacker" wants to intercept the 70,000 spam that weren't dropped by DNSBL during Q1, they're welcome to them. Any genuinely private e-mail is, of course, encrypted.

            [i]How about the examination of your private files?[/i]

            Private files are, of course, on a reasonably secure server not accessible from the Internet and which uses the usual host authentication and encrypted transfers for the [u]wired[/u] connections to local client hosts. To get to them, an attacker has to get past a real firewall (which has altogether three open ports), then compromise the DMZ machine, then past another firewall (no open ports) in order to get to the local hosts which are individually locked down to the same standard as the notebook that is hardened against use in the wild.

            So far none of the intrusion detection systems (and they check each other) has so much as twitched in its sleep.

            Not that that has anything to do with WEP, because the wireless isn't connected to it.

            [i]How about the compromising and piggybacking of your network + internet connection to allow someone else to distribute their own communications?[/i]

            As originally stated, there are public hotspots all over. If someone wants to sit parked outside of my house waiting for the wireless to fire up so that they can send spam, it's a risk I'm willing to take. So far, the AP logs show no sign that anyone but me has ever connected to that way, so I'm not losing anything.

            [i]How about the hijacking or destruction of your personal information?[/i]

            See above about access to "personal files."

            [i]You enjoy knowing anyone within range can "listen in" on your personal network?[/i]

            My personal network is wired and encrypted. If someone with full TEMPEST snooping wants to crack it, I'm screwed anyway since they could much more easily break in and bug the boxes themselves.

            [i]That's what you bargain for running WEP wireless, and fall within the "right" person's reach. You may not fully appreciate the value of dynamic key encryption, but those who understand its importance do. When it comes to security, corner cutting is not worth the lost peace of mind. The day a doubter discovers they're owned is often their day of awakening, but by then it's too late.[/i]

            You know, before going off on a full rant you [u]might[/u] have taken a few seconds to at least [i]try[/i] to comprehend the setup described in my original post. You've spent this whole post blathering about something that doesn't exist: wireless access to my private network.

            Pay attention next time.

            [i]>> And you still haven't mentioned any downside.

            Weak (now non-existent) encryption security is the downside, like keeping unlocked doors at night. Wired Equivalency Privacy [WEP] is now a misnomer, since it no longer provides privacy. You still haven't mentioned a single WEP upside. Any come to mind?[/i]

            Yup, same as the original post: my clueless neighbors don't accidentally connect to my AP for Internet access instead of their own.

            Again, it's a good idea to actually read the thread before blazing away.
            Yagotta B. Kidding
          • The great 1%ers

            [i]You know, before going off on a full rant you might have taken a few seconds to at least try to comprehend the setup described in my original post. You've spent this whole post blathering about something that doesn't exist: wireless access to my private network.[/i]

            Not sure where my "rant" was, seemed more like common sense advice. I think the better question is: what is your whole point in chiming in on this subject anyway? To represent the smug 1%ers? The author is showing the weaknesses of WEP and its sorry state today, and you choose to brag how you are custom-configured to mitigate any possible damages, though you concede your transmissions remain exposed running compromised encryption (which remains your problem, and not everyone in la la land views their e-mail as simple "postcards"). What service are you providing anyone by putting forth the custom scenario you are, and how does it prove WEP is of any value to the 99%ers who'll be reading this?

            Before taking the high road with your own little rants, why don't you examine the basis and intent of what is being suggested. You still haven't provided a single upside to WEP head to head against WPA (since there isn't any), and seem bent on proving running a weakened security standard is a smart (or acceptable) course of action. It may be justifiable in your personal framing based on your custom set up, but it won't be for 99% of others out there. So who is your advice aimed at, and how is less security better?

            [i]I profoundly doubt that I'm alone in having nothing critical on wireless.[/i]

            No I'm sure there are others who know of the importance of hardening or bridging measures, and of isolating Y from Z on the network. That probably represents what we could call the 1%ers (and that's 1% at best btw). I know how and you know how, but so what? These articles aren't aimed at geeks and gearheads exclusively.

            [i]Private files are, of course, on a reasonably secure server ... To get to them, an attacker has to get past a real firewall (which has altogether three open ports), then compromise the DMZ ... So far none of the intrusion detection systems (and they check each other) has so much as twitched in its sleep ... My personal network is wired and encrypted.[/i]

            For the 99%ers, a simple $40 NAT/SPI capable router and a matching WNIC adapter will provide all the high grade protection they need, assuming they implement WPA [TKIP or AES] properly. And their postcards (er, e mail) and anything else they choose to unleash across the airwaves will have little chance of being intercepted or captured.

            [i]If someone wants to sit parked outside of my house waiting for the wireless to fire up so that they can send spam, it's a risk I'm willing to take.[/i]

            Ah not running an "always-on" connection either, what a novice idea. Wonder how many others running wireless networks and/or high speed internet connections disable them regularly. Maybe 1% again? For the 99%ers who don't, they remain wide open to piggybacking.

            This whole issue could be settled within one hour, for anyone within range equipped with the right tools and a little know-how (count your lucky stars your neighbors remain clueless). We could test the effectiveness of [b]YBK's Guide to running WEP securely.[/b] Only make sure you're part of the 1%ers (read for certain isolation and hardening ideas above) before patting yourself on the back on your choice of sticking with WEP.
            klumper
  • My neighbors...

    don't run any encryption at all. When my modem broke I popped in a wifi card I had lying around and booted up PCLinuxOS from CD and BAM! back to emailing my new hot Russian pen pal girlfriend. Dr. Phil better not lie to me! =)
    Hrothgar - PCLinuxOS User
    • One upside to open

      [i]BAM! back to emailing my new hot Russian pen pal girlfriend.[/i]

      Ok there's one upside I suppose. Open wide baby. :) But then, you're now tapped in on, and tied to, an unsecured matrix (Dr. Phil might advise otherwise, if he knows his IT from his PHD).

      Sweet Rusky dreams mate. ;)
      klumper
      • Wireless Access

        I've used WPA for a few years now with my DSL - I share my connection with the whole building (6 apartments, 128k bandwidth caps on a 3000k connection, mind you) - And they all have the same shared key (Although I had to write it down and put it in my fire box, not too many people can remember 50+ characters) - I know it's better than WEP (It also uses A LOT less bandwidth); and it's smooth sailing for me.....I know I'm secure.

        I really can say that too - Been over two years, and the logs show ATTEMPTS - But no successes! Makes me all happy too, for a $70 Wireless G Router!

        The only time I've changed keys is if someone moved (Then I rehash it, and save the .txt to a floppy - Then of course, lock it up - Problem solved, in my opinion!)

        Have a good one (And KILL WEP!!!!!)

        Kenny
        kwsjr82
  • Bravo! Well done!

    Thanks very much for bringing this research to the attention of the user community. Such hard information is worth more than an infinite number of opinions "based on my experience."
    JRobert345
  • OK, we get it already!

    More of the same. WEP is dead. Nuff said.
    3dguru