It’s time to really forget about WEP on WiFi networks

Check out this article from University College London & Microsoft. It explains how to crack any WEP-protected WiFi network in just a few seconds. Here is an excerpt:


The 802.11 encryption standard Wired Equivalent Privacy (WEP) is still widely used today despite the numerous discussions on its insecurity. In this paper, we present a novel vulnerability which allows an attacker to send arbitrary data on a WEP network after having eavesdropped a single data packet. Furthermore, we present techniques for real-time decryption of data packets, which may be used under common circumstances. Vendor produced mitigation techniques which cause frequent WEP re-keying prevent traditional attacks, whereas our attack remains effective even in such scenarios.
We implemented a fully automatic version of this attack which demonstrates its practicality and feasibility in real networks. As even rapidly re-keyed networks can be quickly compromised, we believe WEP must now be abandoned rather than patched yet again.

A proof of concept called “wesside”, designed for Atheros chips, is available for download. Until now, rekeying the WEP key every 4 minutes or so was enough… Now I guess we should rethink our security models and switch to WPA!


2 Responses to “It’s time to really forget about WEP on WiFi networks”

  1. ssl image
    August 14, 2006 at 1:29 pm #

    Does it really differ from this tutorial for aircrack: http://www.tuto-fr.com/en/tutorial/tutorial-crack-wep-aircrack.php

    Which is based on Christophe Devine's video.

    ??

  2. Alex
    August 15, 2006 at 11:38 pm #

    Yes indeed,

    some other holes in the protocol have been found and it’s now even easier to crack a WEP key.

    In the link you provided it’s the “old” way which needs 2 hours of sniffing… now you can do it in a few seconds!
