Rest in pieces, WEP: Retire your WEP based WLAN equipment today

Published 07 August 06 01:58 PM | alexholy 

I've always had this uneasy feeling about WEP secured wireless networks, so when I moved to my current apartment a year ago I purchased WPA enabled devices. Unfortunately this means I cannot use and will not buy a number of nice devices (such as digital cameras with WLAN) secured only by WEP. A lot of equipment still does not do WPA, or perfoms sluggish when using WPA. All those devices should no longer be used. Changing my home network to WPA was sort of painful, but it paid off. 

Because it finally happened: WEP is dead. A paper recently published by Andreas Bittau, Mark Henley (both researching at the University College of London) and Joshua Lackey (Microsoft) describes a new, devastating attack. (Download their research paper here: http://www.cs.ucl.ac.uk/staff/M.Handley/papers/fragmentation.pdf ) The new attack relies on packet fragmentation and use of the known 8-byte LLC/SNAP headers to speed up decryption.

Basically it is so efficient it renders WEP useless. Totally useless.

The method described in the paper breaks WEP in seconds. That said, mechanisms like EAP, changing WEP keys every few minutes, are useless as well. To proof their point, the paper refers to a tool called "wesside". The paper claims it can break many WEP networks in seconds. (For the curious: The tool is written for FreeBSD, and relies on low level functions of the Atheros WLAN card. Source is provided here: http://www.cs.ucl.ac.uk/staff/a.bittau/frag-0.1.tgz). Rest assured that someone has ported this to other platforms and alternate hardware by now.

To illustrate the gravity of the situation: according to the paper, typically around 76% of WLANs in the London Area are secured by WEP, in the Seattle Area an estimated number of 85% is given. Only 20% (London)/14%(Seattle) of WLANs use WPA, practically no one uses 802.11i

The consequence: Switch from WEP to WPA or 802.11i. Retire all your WEP-only equipment today. Methods relying on frequent change of WEP keys will no longer save you.

Filed under:

Comments

# RogerH said on August 7, 2006 12:07 PM:
Good post, thanks for the tip. I read about WEP being compromised but not this easily!
# BlakeHandler said on August 8, 2006 1:36 AM:
Here's a nice step-by-step on how to crack WEP

http://www.tazforum.thetazzone.com/viewtopic.php?t=2069.
# Daniel's Blog said on August 8, 2006 5:00 PM:
<a href="http://blogs.msdn.com/alexholy/archive/2006/08/07/690912.aspx" target="_blank">http://blogs.msdn.com/alexholy/archive/2006/08/07/690912.aspx</a>
# Better quit using WEP... said on August 8, 2006 10:24 PM:
PingBack from http://www.mustangevolution.com/forum/better-quit-using-wep-22681.html#post328175
# billyboylindien said on August 14, 2006 7:31 AM:
Does it really differe from the Devine's methodewho is describ in this tutorial:
http://www.tuto-fr.com/en/tutorial/tutorial-crack-wep-aircrack.php
# alexholy said on August 23, 2006 9:02 AM:
yes it is different. the video is not in realtime, and he captures huge amount of traffic. the method described in the paper requires just one packet of data, and the time to break the key (even a strong one) is an order of magnitude smaller.
# Ma petite parcelle d'Internet... said on August 24, 2006 8:44 AM:
Comme aiment  le faire nos amis anglophones, je vais commencer directement par la conclusion. Cette attaque est une mthode permettant de dclencher une gnration de trafic par un rseau protg par WEP. Point  la ligne. Son utilisation pour casser...
# HCS’s and Gen’s Place » Blog Archive » Say Bye Bye to WEP. said on August 29, 2006 9:27 PM:
PingBack from http://www.hescominsoon.com/wp/archives/695
# Windows Vista said on September 1, 2006 9:01 AM:
Bonjour tout le monde,On le savait depuis des années, des articles complets mettaient en alerte les DSI...
# wesside-ng said on September 12, 2007 4:42 PM:

PingBack from http://www.xorax.info/blog/wifi/196-wesside-ng.html

# samples free cute myspace layouts lt font said on September 26, 2007 6:39 AM:

samples free cute myspace layouts lt font

Anonymous comments are disabled

Search

This Blog

Syndication

Microsoft Tech·Ed Developers
Page view tracker