Every time I mention how the WEP (Wired Equivalent Privacy) protocol used to secure wireless networks needs to die, I always get at least one comment from someone who, for one reason or another, obviously still uses WEP and wants some false hope that it's better than nothing. Well, it isn't. Want proof? Here it is.
A paper by Erik Tews, Ralf-Philipp Weinmann, and Andrei Pyshkin of the Darmstadt University of Technology demonstrates how to break 104-bit WEP in less than 60 seconds (PDF link).
We demonstrate an active attack on the WEP protocol that is able to recover a 104-bit WEP key using less than 40.000 frames with a success probability of 50%. In order to succeed in 95% of all cases, 85.000 packets are needed. The IV of these packets can be randomly chosen. This is an improvement in the number of required frames by more than an order of magnitude over the best known key-recovery attacks for WEP. On an IEEE 802.11g network, the number of frames required can be obtained by re-injection in less than a minute. The required computational effort is approximately 2^20 RC4 key setups, which on current desktop and laptop CPUs is negligible.
In my book, sixty seconds' worth of protection does not classify as "better than nothing". Unless you are in a position where you aren't using your WEP-protected WiFi connection for anything remotely important, it's time to eliminate WEP altogether. Upgrade software drivers and firmware. If that's not possible, buy new hardware. If that's not an option, stop using WiFi. Period.
I know it's painful, but it's necessary. I've even stopped connecting my old (but still functional) iPAQs to WiFi networks because they only support WEP (I never managed to get the WPA supplicant or HP patches to work to make them WPA compatible). It's a tough call, but where security is concerned, you can't start cutting corners, taking chances and going around offering hackers and bandwidth hijackers an attack surface like that.