60 seconds for cracking Wireless-WEP

[gmtfan]

With growing numbers using wi-fi in their homes, Paul Rubens looks at how good security is on these networks.
In less than two minutes hackers can defeat the security measures protecting many home wireless internet connections.

Defeating these measures could let them capture passwords, steal confidential information or download illegal pornographic material using the connection.

Many home internet users rely on an encryption system called Wireless Equivalent Protection (WEP) to stop others using their wi-fi link, even though WEP has long been known to be flawed.
In early April three cryptographic researchers at the Darmstadt Technical University in Germany revealed a method of exploiting the flaws far more effectively.

Before now it took at least 20 minutes of monitoring the airwaves before it was possible to break in to a wireless network protected by WEP.

Now, armed with a program called Aircrack-ptw written by the researchers, it is possible to break in to the same network far faster.

http://news.bbc.co.uk/1/hi/technology/6595703.stm

We were able to extend Klein's attack and optimize it for usage against WEP. Using our version, it is possible to recover a 104 bit WEP key with probability 50% using just 40,000 captured packets. For 60,000 available data packets, the success probability is about 80% and for 85,000 data packets about 95%. Using active techniques like deauth and ARP re-injection, 40,000 packets can be captured in less than one minute under good condition. The actual computation takes about 3 seconds and 3 MB main memory on a Pentium-M 1.7 GHz and can additionally be optimized for devices with slower CPUs. The same attack can be used for 40 bit keys too with an even higher success probability.

Link: http://www.cdc.informatik.tu-darmstadt.de/aircrack-ptw/
Article: http://eprint.iacr.org/2007/120.pdf

So what??? :cy:

 

[labrocca]

This is why I don't use wireless in my house.

 

[tfking]

Unfortunately, I do use WEP 64 in my house! I would hate to go back to wired, but this type of vulnerability is giving me little choice.

Just realized that I just told the world about WEP vulnerability in my house and that it woudn't take that much of an effort to find me. Pretty stupid, but now back over on wired network now. I will either upgrade the wireless security or stay on wired.

 

[gmtfan]

Don't worry! Now you can switch to use WPA if you really need to do so!

 

[tfking]

Thanks! I know about WPA, but I'm too tired at the moment to change the settings on the router and laptops. I will have to stay wired for a day or so.