digg

Facebook Connect Join Digg About

How To Crack 128-bit Wireless Networks In 60 Seconds [inc Video]

shawnhogan.com 128 bit WEP encryption secure? Think again! KisMAC + standard dictionary cracks two keys in under 60 seconds. "I'm not even sure if I want to run a wireless network anymore to be honest..."

Who dugg this? Made popular Aug 7, 2006

Digg DudeWhat is Digg?

Digg is a place for people to discover and share content from anywhere on the web. Digg surfaces the best stuff as submitted and voted on by the community. Take the Tour to learn more.

179 Comments

show profanity settings
expand all
  • stmiller, on 10/12/2007, -2/+36Use WPA2! With a long 1337-speak passphrase.
  • TomMcBaum, on 10/12/2007, -2/+34Anybody who uses standard *NIX dictionary terms as a password is asking for trouble.
  • deut, on 10/12/2007, -3/+26"I'm not even sure if I want to run a wireless network anymore to be honest..."

    I don't anymore. I've run Cat5 all around the house with nice RJ45 wall mounted boxes in most of the rooms. They all go back to a single firewall/router. Best way IMHO, faster and safer.
  • PantherX, on 10/12/2007, -1/+24WEP has been insecure for a long time. Doesn't matter how many bit encryption it uses because it's a flawed design.
  • fujiman, on 10/12/2007, -0/+22Yeah, wake me up when you crack a WPA network (with a 128 bit random passphrase) in 60 seconds.
  • elusive, on 10/12/2007, -0/+19Yes, WEP has been known to be broken for years now (no matter what password you use). I suppose people will digg anything with a video.

    WEP is still useful to prevent casual snooping but not for much more than that.
  • slugsly, on 10/12/2007, -5/+21"Even as a relatively knowledgeable tech guy, this seems like utter insanity to me"

    If you haven't known WEP was crap for the last couple years you aren't too tech savy.
  • sardonic, on 10/12/2007, -2/+15his WEP key: wireless1
    oh and: wireless2
  • randomvictim, on 10/12/2007, -1/+14What is the best windows equivalent of Kismac?
  • kentmartin, on 10/12/2007, -5/+18My feeling on all this is, for the overwhelming bulk of situations, why bother with wireless encryption at all. We've spent the last few years operating on the assumption that there is going to be a man in the middle attack on the public net anyway, so, any packet sniffing unwanted folks do should be useless to them, because that is the sort of attack we are already prepared for.

    The only real worry would be worms and such for windows boxes, but, distributing worms by way of wardriving would be several orders of magnitude too inefficient to be profitable. You can (and probably should) be securing against this type of attack anyway (with personal firewalls and such) - don't know much about it, don't run any windows machines.

    I deliberately keep mine at home open so the neighbor's or anybody wandering past can use my connection at will. My SSID contains the words "Public Welcome" and, I've noticed people don't tend to abuse things if you let them know they are welcome to use it. I consider it a public service, and, I am grateful when I travel and find that others have extended the same courtesy to me. This "hoard what is mine even if it doesn't hurt me to share it" mentality hurts everybody and benefits none.

  • jtp8736, on 10/12/2007, -1/+14Forgive my ignorance, but isn't a WEP hex key often generated by a word? I think that's what my router does. You can use a random key, but I guess for most people using a memorable word makes things easier. Correct me if I'm wrong.
  • T0PS3O, on 10/12/2007, -5/+17Forgot to mention this quote from the guy's article:

    "It doesn't even matter if you setup your wireless network to be public or not, because kismac can see it even if the base station isn't showing the SSID publicly."

    Hacking is just too easy nowadays...
  • marscom, on 10/12/2007, -0/+12linux- kismet
    mac- kisMAC
    win- airocrack
  • Thorpe, on 10/12/2007, -1/+12Thank goodness for WPA.

    Here is the YouTube video:
    http://www.youtube.com/watch?v=P_0SgxSwKek
  • ndansmith, on 10/12/2007, -4/+14Not to mention that WEP is hexadecimal and there should (ideally) be no "words" involved. Minus the dictionary attack, WEP cracking can take a few hours or days depending on how many packets you can capture with unique IVs.
  • phlux, on 10/12/2007, -6/+16Its not even hacking - its being able to run a utility.

    This is inevitable with all technolgy. As the ease of use increases - so does the abstraction between understanding how the technology is used and how the technology actually works.

    I was talking to the president of PARC about this last week, specifically that a good technology camp for the summer would be to teach kids how to setup old machines where they needed to be able to set the interrupts via jumpers correctly and build a whole machine from parts. Over the summer they learn how certain compenents that make up the modern computer evolved and on completion of the course can their parents give them their new laptop.

    I personally am taking this approach with my daughter. I dont want her to view the computer at the same level as TV. As just an appliance.

    The Television/movie industry has an ocean of people who can and do produce content but themselves have little understanding of how the technology actually works.

    Technology works like this though, as we no longer *need* to know how something works - we discovery new ways to use it, new needs for new idea and technology evolves. The problem is simply a personal preference for ensuring that people continue to stay connected with the history of the underlying delivery mechanism - this will prevent us from coming to a point where super specialized degrees are needed to do anything other than type. (Not qorking quite yet though)
  • BobbyOnions, on 10/12/2007, -3/+13Wake me up when you crack my unencrypted wireless network with tunnelled 2048-bit OpenVPN.
  • Blitzenn, on 10/12/2007, -3/+12I agree, this article is really misleading to a lot of people who just don't understand. I am burying it as most people aren't going to understand that this means nothing with regards to wireless security. We had a professional hack test done and the combination of MAC address screening and WPA had them questioning if our wireless access even worked at all. They could not even get to the network to try to break the key. They simply thought it was down or hung for some reason. If you are concerned about your security, reading shrill scare the public articles like this are not going to help. That's why people like me get paid good money, to stay on top of this stuff and make changes as necessary to ensure that their security changes with the risks.
  • IanPhillips, on 10/12/2007, -1/+10Yes a WEP key is usually generated by some word or passphrase that is supplied to the router.

    @ndansmith
    You forgot the third way to crack into WEP. Injection of packets so you can break it in 10 min: http://www.mirrors.wiretapped.net/security/vulnerability-assessment/aircrack/whax-aircrack-wep/whax-aircrack-wep.html
  • T0PS3O, on 10/12/2007, -2/+10Yeah but as mentioned in the article, and as seen in other Digg Homepage stories recently, even a so-called "strong" password isn't that great. Just takes a bit longer to crack, a few more permutations to go through. From the convenience of your car on a corner of any street you can buy yourself as much time as you need. Because holding a laptop doesn't look suspicious, you have plenty of time. Unlike a burglar picking a lock.
  • lateralus, on 10/12/2007, -0/+8And the eventual WPA2 ...
  • inactive, on 10/12/2007, -0/+8he used a word list to crack it, who uses a dictionary word for encryption?
  • tjordan90, on 10/12/2007, -1/+9Use WPA and a randomly-generated set of characters. I use the password generator at https://www.grc.com/passwords.htm. Change that periodically (biweekly, monthly) and you should be alright.
  • ricree, on 10/12/2007, -0/+7"How is that safer? It may be faster, but anyone with a laptop could come into your house, plug an ethernet cable into the jack, and start sniffing all your packets. WPA2 encryption with a strong passphrase is MUCH MUCH more secure - uncrackable in fact."

    I believe that it's the whole "come into your house" part that is key here. It's a lot easier to keep people from walking into you house and plugging in than it is to stop someone from getting onto a wireless connection.

    Of course, good encryption would benefit you either way your network is set up.
  • Araxen, on 10/12/2007, -3/+10"I'm not even sure if I want to run a wireless network anymore to be honest..."


    Wow aren't you a tool. Everyone an their mom should be running WPA if you want to be secure on a wireless network. WEP is notoriously plagued with holes in it. This shouldn't be breaking news to anyone.

    I bet you use "god" as you password too.
  • MrRockabilly, on 10/12/2007, -1/+7WEP is like a car alarm or a CLUB for your car. If you really want to steal that car, no matter what is there, you're gonna steal it. But most thiefs, just kind of look inside, and if theres an alarm or a CLUB, just keep walking. Not worth the time if theres a car down the street without either.

    On the other hand WPA is like a trunk monkey for your car. So I dont think its gonna be easily broken any time soon.
  • dwoloz, on 10/12/2007, -3/+9Easy only if you choose a passphrase that is easily brute forced

    I use password generators like this one http://www.winguides.com/security/password.php
  • geronimo, on 10/12/2007, -0/+6@IanPhillips

    That crack is a brute force crack, you can spend centuries trying to guess my long WPA key. The video you mentioned guesed "Isabelle". Big whoop. The WEP cracker is more troubling as it doesn't use brute force but holes in the WEP protocol. WPA is as safe as your key, WEP isn't safe period.
  • korhojoa, on 10/12/2007, -0/+6isn't mac filtering kind of crappy, because you can find out the mac addresses of computers in the vicinity with various tools, and then just assign your wireless card that mac address, perform a deauth attack, and join the network?
  • KnightMareInc, on 10/12/2007, -1/+7is WEP being crap really news?
  • rocke86, on 10/12/2007, -0/+6This prevents freeloaders but does not prevent sniffers from reading the data traveling between you pc and the router, and later decoding it.
  • MikeEnIke, on 10/12/2007, -1/+6Actually, I think kismac is a mac variation of Kismet, and if I'm not mistaken Kismet has a windows version. I dunno google it.
  • blackmath, on 10/12/2007, -1/+6MAC addresses can be spoofed. The only secure thing you can do is use WPA.
  • urbanRock, on 10/12/2007, -0/+5It's not a good idea, because the unencrypted packets have the allowed mac addresses plain text in them. Any wireless sniffer can discover that traffic and then you can use that information to spoof your MAC to one of the allowed addresses
  • PlaidPhantom, on 10/12/2007, -0/+5protocolor:

    The idea is not to keep them from using the calc. The idea is to get them to effing learn what the calculator is doing. If you don't know what is happening and why, all you've really learned is how to solve a certain type of problem. I've known too many people who could just push the buttons on a calculator. Yet if you changed the problem (or even, in some cases, make it look a little different) they would whine that they didn't know how to do that. The purpose of classes should be to teach the concepts. Then you wouldn't (I'd hope) NEED to teach the calculator because they could understand what it's doing.
  • djrtitan, on 10/12/2007, -0/+5Summary of article: WEP is an inefficient way of securing a wireless router regardless of how many bits. Switch to WPA and you won't have any problems for the near future.
  • mancat, on 10/12/2007, -1/+6mp4215,

    Trivial. Any packets exchanged between a host and the AP will let you know instantly which MAC addresses are allowed.
  • ricree, on 10/12/2007, -2/+7I think it's a matter of degree. He knew it was crappy, but still found it hard to believe how crappy it actually was until he saw it first hand.
  • BigJuiceMan, on 10/12/2007, -1/+6nope. fairly straight forward to spoof a MAC address.
  • deut, on 10/12/2007, -1/+5I think your last comment was unfounded. Sure he may not be as "kewl" as you or as "l33t" as you, but he's hardly an idiot.

    Also the GRC password thing is perfectly fine and has been explained how it works many times on Security Now.
  • adml_shake, on 10/12/2007, -1/+5No NetStumbler doesn't crack anything, or even connect you to a network. It just shows that it's there. They make a big deal about both these issues on the forum at the NetStumbler web page.
  • ricree, on 10/12/2007, -0/+4It occurs to me that this would present a good defense in RIAA cases. A router using WEP is more plausible than an open connection, but at the same time you can demonstrate that it is fairly quick and easy to crack and use.

    Basically, you have the best of both worlds. They can't prove that you actually made the download, and they also can't accuse you of leaving it open for others use it either intentionally or negligently.
  • mattus, on 10/12/2007, -2/+6"I'm not even sure if I want to run a wireless network anymore to be honest..."

    No need for that kind of hysteria. WPA is unbreakable with current tech and will remain so for some time, particularly if you use a long random password. Wireless passwords only have to be entered once so it doesn't matter if it's not easily memorable.
  • WorldGroove, on 10/12/2007, -0/+3We all know about the "Isabelle" video... but now tell me how fast a default WHAX-LiveCD is gonna crack my WPA when the password is:

    X_*(%_AA_F4%8_{{++|-+#@^
  • electromagnetic, on 10/12/2007, -2/+5It depends how you're trying to hack the account, a brute force attack (needed if the person isn't using dictionary terms, or if numbers are included) is significantly slower up to the point where long ones take years; http://www.lockdown.co.uk/?pg=combi&s=articles a good faq on the process, according to that my password has about 60 septillion combinations and to the supercomputer he referenced doing 76.1 billion passwords/second mine would take just under 24 million years... do you have the rise and fall of civilization (twice over) to wait by my house trying to crack my wireless networks password? I'm not very good at noticing the blatant obvious, but someone sat outside my house for 24 million years might just get my attention.

    My personal tip would be to have your initials an underscore and a number, I'd say a password converted through the number keys on your phone: Em_36449 which would be Electromagnetic_doggy and take 22 years on a class F attack (supercomputer). You don't need to include every character, you just need a capital letter, lower case, a symbol (underscore) and a number, just those alone would take 13 minutes on a class D (probably a couple of years before laptops get there).

    As for that guys password it only got to 50,000 combinations, dictionary attacks go through from A-Z, as the oxford english dictionary has around 500,000 words, which should place him just past the middle of the C's. In a dictionary attack a ten letter word will take milliseconds to get compared to say Zack, just because of where it is.
  • morg666, on 10/12/2007, -0/+3"How is that safer? It may be faster, but anyone with a laptop could come into your house, plug an ethernet cable into the jack, and start sniffing all your packets. WPA2 encryption with a strong passphrase is MUCH MUCH more secure - uncrackable in fact."

    It's safer because of exactly what you said...the person needs to get into your house. You are not vulnerable to war driving or anything like that. Also, you need to have a pretty big house not to notice a laptop that doesn't belong to you sitting in your house. Never mind the guy who broke in to put it there.
  • IanPhillips, on 10/12/2007, -0/+3kismet
  • T0PS3O, on 10/12/2007, -0/+3The average Digger may know that WPA is far better, but Diggers are hardly representative of the entire global computer using community. It would be interesting to know the ratio of WEP vs WPA you get driving around any Western/technologically progressive town. This little experiment just shows how many people are at risk, unnecessarily and unknowingly. And IMO doodlebumm's comment is more true than funny, this does show how you can get screwd easily if you haven't taken the time to develop in interest in knowing the difference between WEP and WPA etc.
  • geronimo, on 10/12/2007, -1/+4That crack is a brute force crack, you can spend centuries trying to guess my long WPA key. The WEP cracker is more troubling as it doesn't use brute force but holes in the WEP protocol. WPA is as safe as your key, WEP isn't safe period.
  • jordinas, on 10/12/2007, -1/+4WEP encryption has a fundemental design flaw which makes it trivial to break.

    You should consider WEP insecure or only providing some level of security by obscurity - meaning that it will keep the casual observer out from your network, but if someone wants to break in they can do so trivially.

    WPA is much stronger, and has not been broken. Then using a strong password generator such as the one available at www.grc.com/password (plug for one of my favorite Podcasts - Security Now!) you will be sure that your network is secure.
  • Fetching more discussions...
    Show 51 - 100 of 179 discussions

  • Add a Comment

    Login or register to comment!
    Or, sign-in super fast with your Facebook account ...

© Digg Inc. 2009 — Content created and posted by Digg users is dedicated to the public domain | Terms of Use Updated | Privacy Policy
DIGG, DIGG IT, DUGG, DIGG THIS, Digg graphics, logos, designs, page headers, button icons, scripts, and other service names are the trademarks of Digg Inc.