
March 11th, 2005

Hack most wireless LANs in minutes!

Posted by George Ou @ 3:19 am

Categories: Security

Even after two years of WPA certification and nearly one year after 802.11i ratification, you might be wondering why I’m still talking about WEP encryption. The fact is, I would love to stop talking about it if there weren’t such an overwhelming percentage of corporations, retail outlets, and hospitals still using WEP. Although WPA brought us TKIP (think of TKIP as WEP 2.0) encryption and 802.11i brought us AES encryption, the upgrade process has been extremely painful and many products still don’t support TKIP, let alone AES. The sad state of wireless LAN security is that the majority of corporations and hospitals still use dynamic per-user, per-session WEP keys while the majority of retail outlets that I’ve seen still use a single, fixed WEP key.

In the past, a hacker was at the mercy of waiting long periods of time for legitimate traffic on a wireless LAN in order to collect the 10 million packets needed to break a WEP key. In my previous blog on this topic, which was based on Mike Ossmann’s WEP article, I alerted you to the startling fact that even wireless LANs that used 802.1x/EAP authentication to dynamically assign unique per-user, per-session WEP keys were no longer safe against WEP hacking since WEP cryptanalysis had improved 50-fold. Instead of waiting for hours or even days for those 10 million packets, you now only needed about 200,000 packets to break WEP. Even though dynamic WEP key rotation could change a user’s WEP key every few minutes or so (note that key rotation isn’t always implemented by default), the new WEP cryptanalysis techniques put even dynamic WEP within striking range.

Now, with the new active attacks on WEP described in Ossmann’s follow-up article, hackers no longer need to passively wait for legitimate packets on a wireless LAN because they can actively inject packets into a wireless LAN to ensure a speedy packet collection session. The end result is that any WEP-based network, with or without dynamic WEP keys, can now be cracked in minutes! If you’re scared, you should be, and you’d better go back and read the recommendations at the end of my previous blog if you’re still running WEP in any form.

George Ou is Technical Director of ZDNet. See his full profile and disclosure of his industry affiliations.
