digg

Facebook Connect Join Digg About

New attack cracks WEP in record time

arstechnica.com Your home or office WiFi network may be even less secure than you think. Researchers have now shown that they can break 104-bit WEP, a common 802.11b/g/n security mechanism, in as little as one or two minutes.

Who dugg this? Made popular Apr 4, 2007

Digg DudeWhat is Digg?

Digg is a place for people to discover and share content from anywhere on the web. Digg surfaces the best stuff as submitted and voted on by the community. Take the Tour to learn more.

134 Comments

show profanity settings
expand all
  • 1b2a, on 10/12/2007, -4/+67It's too bad the the Nintendo DS wifi is only compatible with a WEP code. Lame.
  • dtd00d, on 10/12/2007, -3/+59I use dialup, nobody wants to hack into my connection anyway.
  • Loonacy, on 10/12/2007, -2/+54@dtd00d
    I tapped your lines and hacked your connection by screaming modem tones into the phone. And my throat is sore after making this post.
  • inio, on 10/12/2007, -0/+49128-bit WEP is 104-bit key + 24-bit initialization vector.

    In plain english: This attack is against 128-bit WEP, they just refer it by the actual key size.
  • spiritamx79, on 10/12/2007, -2/+48You say i was downloading music RIAA? well those crazy hackers busted into my WEP network and stole my bandwidth to make it look like me.

  • CaptMonkey, on 10/12/2007, -0/+34Oh well, I really only use WEP to keep out the computer-illiterate dummies who live next to me. If anyone smart enough to crack the WEP on my router happens to stand outside my apartment to get free internet access, they're welcome to it.
  • Tarnum, on 10/12/2007, -1/+33If RIAA calls, it wasn't me who shared MP3s! It was the evil drive-by hacker, who hacked my WiFi and stole my bandwidth! A perfect case of plausible deniability.
  • terribly1, on 10/12/2007, -0/+27When you need pr0n/torrents/mp3s right now, every minute counts, damnit
  • dshPls, on 10/12/2007, -5/+28Ok where can I download this?

    People have wised up, and most protect their network! It's insanity, the main reason I got a phone with 802.11b/g was to get free google maps whenever I wanted ;(
  • ExSlashdotter, on 10/12/2007, -1/+22wrong. we had an open AP at our church until the FBI showed up. Someone had stopped by, logged into their hotmail, and sent a threat to a city police officer. Yep, traced to our IP.

    I'd like to just avoid any RIAA/child porn/FBI/whatever else shennanigans, thanks.

    Plus, I pay $60/month for it.
  • potterboy, on 10/12/2007, -0/+19What I love is my neighbor who has FIOS 15/2 mbps and leaves it on unprotected wifi. For some reason its not as fast as he expected.
  • Scheissenegger, on 10/12/2007, -2/+21here's a guide about cracking it the old way (read: in 10 minutes): http://www.profit42.com/index.php/2006/08/02/92/

    The same site also offers a WPA cracking guide, but it's only usable if the victim set the key to a dictionary word...

    Conclusion: Use WPA2 or use a cable!
  • Doriath, on 10/12/2007, -3/+21"People have wised up, and most protect their network!"

    A simple 10 minute drive from my house to where I work reveals nearly a hundred wireless networks, fully a third of them wide open. People have a long way to go.

  • glguy, on 10/12/2007, -0/+17no, they can sniff out the mac address you are using and set their wireless card to use that address
  • thenativeraver, on 10/12/2007, -2/+17http://www.cdc.informatik.tu-darmstadt.de/aircrack-ptw/download/aircrack-ptw-1.0.0.tar.gz

    Right on!
  • CaptMonkey, on 10/12/2007, -1/+14Negative. It's WEP-only. Which is why I don't use WPA (see my post below).
  • inio, on 10/12/2007, -1/+13Hopefully if you're using n, you're not using WEP anymore. Upgrade to WPA!

    This attack, however, probably would work faster against a g network than a b network. The time-consuming part involves generating a lot of traffic and looking at the responses, so I reckon you could do that faster on a g network than a b network.
  • shuffle2, on 10/12/2007, -0/+11sbrown: it's very easy to spoof mac addresses, and it's not hard for an attacker to find a valid mac address...especially if there is network activity.
  • inactive, on 10/12/2007, -4/+14Pretty slick, I say.
  • terribly1, on 10/12/2007, -1/+11@00420

    Wii supports WPA.
  • xutopia, on 10/12/2007, -1/+10Screw security. Share your network with neighbors but only port 80/81. Neighbors will love you and give you beer.
  • h0dg3s, on 10/12/2007, -0/+8In other news, Windows ME crashes a lot.

    Thanks for the old news, slapnuts. Maybe next you can tell me about the cool new music players that play discs instead of tapes.
  • f3l1x, on 10/12/2007, -0/+8Pretty noisy too. Any wireless network protecting any real important information (ya i know its relative) will be able to detect this attack and rotate keys or ignore the offending node. The real kick-ass stuff came out of shmoocon. using fpga's that crack wep, or whatever encryption, fast. I mean ***** hot fast for a completely passive approach. (real hackers don't get seen or caught) ... Some of you REALLY need to get out more. or... stay inside more... I cant quite put my finger on it.
  • OsiVert, on 10/12/2007, -1/+8Wireless doesn't suck. Wireless is awesome, but common home routers need better security by default.
  • Cyber_Akuma, on 10/12/2007, -0/+6Sigh, out of all the multiple WiFi devices I have, the DS is the ONE device that does not support WPA. How I wish it did so I can upgrade past this joke of a security that WEP is.
  • jordanlund, on 10/12/2007, -1/+6It reminds me of the old joke... 2 guys are being chased by a bear, the first guy says "We'll never outrun this thing!" The second guy says "I don't have to outrun the bear, I just have to outrun you!"

    I don't have to have the most secure wireless network. I just have to be more secure than the people around me. Considering I have 2 neighbors who are completely open with no protection at all WEP is probably good enough. Turn off the SSID, add MAC filtering and you make your network unappealing as opposed to the wide open network right next to you.

    Can someone still get in? Sure. Is your average script kiddie going to bother when presented with a wide open network? Probably not.
  • inactive, on 10/12/2007, -1/+6these nerds worried about their ds lite being hijacked are hilarious.
  • dbr_onix, on 10/12/2007, -2/+7"People have wised up"
    No, they haven't - The reason there's more and more WEP or (increasingly) WPA protected WAP's around now is because *manufacturers* have wised up. A lot of routers sold today have encryption enabled by default, and most people won't disable it (Just like they wouldn't enable it were it turned off by default)
  • RiverBelow, on 10/12/2007, -2/+7I leave my wifi open at all times. Its like doing a favour.

    And a good excuse when the FBI shows up at my door.

    "'twas my neighbour; I swear!"
  • rohanch, on 10/12/2007, -0/+4@bilangew

    If you break the network's WEP key (or it doesn't have one in the first place), you can sniff and decrypt all data traffic on the network and get the IP addresses of machines already connected. From there, it's easy to work out the IP address scheme that's being used.
  • inactive, on 10/12/2007, -2/+6Hmm. I guess I won't buy a DS Lite after all. My Wii supports WPA2 and I am glad it does. I am not softening up security period. Are the online games even worth it though for the DS?
  • geronimo, on 10/12/2007, -0/+4with a cantenna you can send out more signal but you can also detect the responses better. The person above is saying he/she connects to their wireless router on say 192.168.1.1 and messes with them. Evil.
  • ExSlashdotter, on 10/12/2007, -0/+4::too late for edit::

    As for only allowing port 80 traffic, most people dont know how to set up a proxy or a real firewall. just using WPA is a big jump for most people who would otherwise have 'linksys' as their SSID. Sure, we know how, and thats cool. But for my mom or dad, just secure it.
  • postitnote, on 10/12/2007, -0/+4Honestly, my WEP key is FFFFFFFFFF. Why bother with a secure one if it's so easy to break it.
  • insovietrussia, on 10/12/2007, -0/+4Or break out the old Upside-Down-Ternet prank:

    http://www.ex-parrot.com/~pete/upside-down-ternet.html
  • geronimo, on 10/12/2007, -0/+4http://www.wirelessdefence.org/Contents/Aircrack_aircrack.htm

    How many packets do I need?

    Approximately 1,000,000 packets for breaking 128-bit WEP


    40,000 != 1,000,000
  • sl4x0r, on 10/12/2007, -0/+3you're gonna tell me you have a cantenna and the 1337 skills to crack wep, but you don't know how to spoof a MAC address? riiiiiight
  • shaungc, on 10/12/2007, -2/+5@whereami
    Your point? Well, other than jumping on the troll wagon.
  • rohanch, on 10/12/2007, -0/+3They don't just get your internet connection, they can also read all of your packets once they've cracked the key. Web browsing (including most website passwords), your emails, file shares... any traffic can be "sniffed". MAC filtering doesn't do anything to stop that either because you don't need to connect to sniff.
  • insovietrussia, on 10/12/2007, -0/+3Very easy, once you have the network key. ARP tables are broadcast routinely by the router and Auth/Deauth packets & DHCP requests carry the IP/MAC details.
  • ahill7, on 10/12/2007, -1/+4So two minutes compared to ten minutes (using De-Auth attack previously mentioned), is the time saved a moot point at such speed?
  • geronimo, on 10/12/2007, -0/+3I'd like to see you crack my random WPA password. WPA is insecure if you use a weak password.
  • ExSlashdotter, on 10/12/2007, -0/+3just like hiding the SSID doesnt help. Its not hiding as in stealth-like. Its hiding as in, "just dont show up in the normal list of available networks". Even the airport radar dashboard widget on the mac can see the hidden SSIDs.
  • StealthTomato, on 10/12/2007, -0/+3Actually, I probably would bother. In fact, I'd connect to the open ones to look up how to crack yours. Why? Because you're presenting a challenge, and if there's one thing hackers (or script kiddies) like, it's a challenge.
  • inactive, on 10/12/2007, -0/+3depends on your connection speed :)
  • Satertek, on 10/12/2007, -0/+3It is if the network is set up to cycle the key (usually every 5 minutes) then it is significant.
  • oldhat, on 10/12/2007, -0/+3Any year now wifi router manufacturers will offer multiple networks out of the box. (a few 3rd party firmware offer this I think)

    Meaning: one device that provides 2 or 3 separate wifi networks, each with different settings. One has stupid WEP for legacy devices (old Tivo and stuff), one has WPA2 locked down all crazy, and one is totally wide open...free for the taking but is capped at 384k or something.

    Wifi been out for a long time and is ubiquitous but still they drag their feet! Another failure of the free market...can you find any others, kids?
  • u8myfoood, on 10/12/2007, -0/+3did you know digg automatically converts your WEP key into stars when you type it in?
    LOOK: **********
  • geminitojanus, on 10/12/2007, -1/+4"Just a thought. I wonder what it takes to spoof MAC addresses...."

    Almost nothing. I used to spoof a MAC of one of the computers in my university's computer lab to get wireless and this was a few years ago. It's actually rather standard practice these days from what I hear, but the lab admins are still clueless. The safest networks today are built on PSK: PreShared Keys. I run one, you should run one, and any thing that doesn't support it should be in a wired DMZ.
  • jeff303, on 10/12/2007, -0/+3Usually the maximum speed of the network isn't really the limiting factor for cracking speed - it's the actual usage (useful data packets being transmitted). This rarely approaches the available bandwidth, even on g networks.
  • Fetching more discussions...
    Show 51 - 100 of 134 discussions

  • Add a Comment

    Login or register to comment!
    Or, sign-in super fast with your Facebook account ...


© Digg Inc. 2009 — Content created and posted by Digg users is dedicated to the public domain | Terms of Use Updated | Privacy Policy
DIGG, DIGG IT, DUGG, DIGG THIS, Digg graphics, logos, designs, page headers, button icons, scripts, and other service names are the trademarks of Digg Inc.