WEP cracking for dummies

For those who still don't think it's a major problem to run WEP encryption on a wireless LAN, this is your final warning. Humphrey Cheung of Tomsnetworking has released a tutorial that can essentially be summed up as "WEP cracking for dummies". Every time I've written articles on the vulnerability of WEP, I almost always get some wise guy telling me that I'm full of it and that I'm exaggerating the ease with which WEP can be cracked. Now that WEP cracking is child's play, it has almost become a recreational sport for script kiddies and a primary tool of choice for hackers. Anyone can now break into your WEP-based wireless LAN with relative ease.

As I've warned earlier, any WEP-based wireless LAN can be cracked in a matter of minutes. The current attacks are all implemented on a simple all-in-one CD that is available for free download over the web, and it employs the latest packet injection techniques and advanced statistical analysis tools to rapidly recover WEP keys. Even 802.1x-based enterprise wireless LANs that have relied on per-user, per-session rotating WEP keys to mitigate the security threat are no longer safe, because they too can be cracked wide open with just a little more effort. Corporations and homes must protect themselves with a minimum of WPA TKIP encryption, but should preferably use WPA2 AES encryption.
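To find access points that fall short of this recommendation, the security advertisement in each beacon can be graded directly. The following is an added example, not part of the original article: it assumes beacon frame bodies are already available as bytes with the MAC header stripped, and the function names, labels and sample frames are constructed for illustration.

```python
import struct

RSN_OUI, WPA_OUI = bytes.fromhex("000fac"), bytes.fromhex("0050f2")
CCMP = 4            # pairwise cipher suite type for AES-CCMP (TKIP is 2)
PRIVACY = 0x0010    # capability bit: set for WEP, WPA and WPA2 alike

def pairwise(body, oui):
    """Cipher types from: version(2) | group suite(4) | count(2) | suites(4 each)."""
    if len(body) < 8:
        return set()
    (count,) = struct.unpack_from("<H", body, 6)
    suites = (body[8 + 4 * i:12 + 4 * i] for i in range(count))
    return {s[3] for s in suites if len(s) == 4 and s[:3] == oui}

def classify(body):
    """Grade a beacon body: timestamp(8), interval(2), capability(2), elements."""
    if len(body) < 12:
        raise ValueError("beacon body shorter than its fixed fields")
    (cap,) = struct.unpack_from("<H", body, 10)
    rsn, wpa, pos = None, None, 12
    while pos + 2 <= len(body):
        eid, length = body[pos], body[pos + 1]
        data = body[pos + 2:pos + 2 + length]
        if len(data) < length:
            break                                   # truncated element: stop
        if eid == 48:                               # RSN element (WPA2)
            rsn = pairwise(data, RSN_OUI)
        elif eid == 221 and data[:4] == WPA_OUI + b"\x01":   # vendor WPA element
            wpa = pairwise(data[4:], WPA_OUI)
        pos += 2 + length
    if rsn == {CCMP} and wpa is None:
        return "wpa2-aes"                           # the preferred setting
    if rsn or wpa:
        return "wpa"                                # minimum: TKIP still on offer
    return "wep" if cap & PRIVACY else "open"       # privacy bit alone means WEP

def beacon(cap, *elements):
    """Build a constructed beacon body from (element id, data) pairs."""
    tlvs = b"".join(bytes([eid, len(d)]) + d for eid, d in elements)
    return bytes(8) + struct.pack("<HH", 100, cap) + tlvs

# Constructed sample elements, not captured traffic.
SSID = (0, b"lab")
RSN_AES = (48, bytes.fromhex("0100" "000fac04" "0100" "000fac04" "0100" "000fac02" "0000"))
WPA_TKIP = (221, bytes.fromhex("0050f201" "0100" "0050f202" "0100" "0050f202" "0100" "0050f202"))

if __name__ == "__main__":
    for cap, ies in [(0x0001, []), (0x0011, []), (0x0011, [WPA_TKIP]), (0x0011, [RSN_AES])]:
        print(classify(beacon(cap, SSID, *ies)))
```

A network graded `wep` or `open` needs reconfiguring; a mixed-mode network that advertises both elements is graded `wpa` because TKIP clients are still accepted.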

Topic: Wi-Fi

  • What about proprietary?

    Well, I'm setting up Cisco Aironet 350 Bridge equipment this week. It has 128 bit WEP. I'm not too stressed about it, because the equipment doesn't act as a multipoint access point, and I set 802.1x compatibility to "off." Seems to me that for enterprise systems without a high need for security (as in this case), you should be able to simply go with proprietary equipment like this and a good hardware/software firewall on your intranet.
    • Bad idea

      The 3 minute demo from the FBI was done on a Cisco access point running WEP.

      It is also a very bad idea to use proprietary schemes. It makes non-Cisco gear incompatible.

      Solution: Just use WPA-PSK mode with TKIP encryption with your Aironet 350 using the updated IOS firmware from Cisco. Your clients will also need to be updated with WPA capable firmware. Windows XP SP2 comes with WPA capable software. There are also free WPA clients for older versions of Windows. http://blogs.zdnet.com/Ou/?p=50

      Good security is simple and secure. Bad security is not only painful to set up, but dangerous to use. Many of my readers who followed my advice to go WPA-PSK with TKIP encryption are very happy.
      • I have the firmware...

        After we do the prelim tests, I might as well install it. I'll look into the software you recommended. What about Linux?
        • Linux supported too

          Linux kernel 2.6 should support WPA; I would be very surprised if it didn't. If it doesn't, that would be a very black eye for Linux security. I know there are free 802.1x and WPA supplicants (clients) for Linux. I'm not too sure about driver and firmware support on the wireless NICs though.
        • If this is for a large organization

          You should also deploy proper authentication with 802.1x/PEAP if you're using this with a lot of people. WPA-PSK uses a community secret that everyone knows.
  • All in one CD?

    Where can I find that? I followed a few of your links back and finally became bored trying to decipher the nested blogs. :-)

    Also, what do you suggest for people that have devices like the PalmOne Tungsten C which, as far as I can tell, only support WEP and not WPA? Saying not to use them is not an option. So what else would you suggest?
    • Some readers get offended

      Some of our readers are sensitive to the subject of linking to actual hacking tools so I don't link to them on purpose. But if you really want to know, go to Google and search for "auditor CD".

      As far as Palm is concerned, they're putting out a defective product that only supports a defective and highly vulnerable protocol. My Pocket PC supports full blown enterprise mode WPA.
  • How safe is MAC?

    I know one wireless network that maintains a list of authorized MAC numbers, and nobody else gets in.

    At least that's how it is supposed to work. Is that safe enough or is more protection needed?
    Neil Parks
    • yer toast

      Go back and read George's earlier blogs. One of the things highlighted is the inherent insecurity in things like SSID hiding and MAC screening. Anyone who knows what they're doing will be in faster than you can type 'Help! I've been hacked!'
      Real World
    • Try this link


      Read that article.

      After you're done, read the recommendations on how to fix it.