Don't use WEP, say German security researchers

German researchers have published details of a way to break WEP security on Wi-Fi networks in under 60 seconds

The Wi-Fi security protocol WEP should not be relied on to protect sensitive material, according to three German security researchers who have discovered a faster way to crack it. They plan to demonstrate their findings at a security conference in Hamburg this weekend.

Mathematicians showed as long ago as 2001 that the RC4 key scheduling algorithm underlying the WEP (Wired Equivalent Privacy) protocol was flawed, but attacks on it required the interception of around 4 million packets of data in order to calculate the full WEP security key. Further flaws found in the algorithm have brought the time taken to find the key down to a matter of minutes, but that's not necessarily fast enough to break into systems that change their security keys every five minutes.

Now it takes just 3 seconds to extract a 104-bit WEP key from intercepted data using a 1.7GHz Pentium M processor. The necessary data can be captured in less than a minute, and the attack requires so much less computing power than previous attacks that it could even be performed in real time by someone walking through an office.

Anyone using Wi-Fi to transmit data they want to keep private, whether it's banking details or just e-mail, should consider switching from WEP to a more robust encryption protocol, the researchers said.

"We think this can even be done with some PDAs or mobile phones, if they are equipped with wireless LAN hardware," said Erik Tews, a researcher in the computer science department at Darmstadt University of Technology in Darmstadt, Germany.

Tews, along with colleagues Ralf-Philipp Weinmann and Andrei Pyshkin, published a paper about the attack showing that their method needs far less data to find a key than previous attacks: just 40,000 packets are needed for a 50 percent chance of success, while 85,000 packets give a 95 percent chance of success, they said.

Although stronger encryption methods have come along since the first flaws in WEP were discovered over six years ago, the new attack is still relevant, the researchers said. Many networks still rely on WEP for security: 59 percent of the 15,000 Wi-Fi networks surveyed in a large German city in September 2006 used it, with only 18 percent using the newer WPA (Wi-Fi Protected Access) protocol to encrypt traffic. A survey of 490 networks in a smaller German city last month found 46 percent still using WEP, and 27 percent using WPA. In both surveys, over a fifth of networks used no encryption at all, the researchers said in their paper.

Businesses can still protect their networks from the attack, even if they use old Wi-Fi hardware incapable of handling the newer WPA encryption.

For one thing, the researchers said, their attack is active: in order to gather enough of the right kind of data, they send out ARP (Address Resolution Protocol) requests, prompting computers on the network under attack to reply with unencrypted packets of an easily recognizable length. This should be enough to alert an IDS (intrusion detection system) to the attack, they say.

Another way to defeat attacks like that of the Darmstadt researchers, which use statistical techniques to identify a number of possible keys and then select the one most likely to be correct for further analysis, is to hide the real security key in a cloud of dummy ones. That's the approach taken by AirDefense Inc. in its WEP Cloaking product, which was released Monday. The technique means that businesses can cost-effectively protect networks using old hardware, such as point-of-sale systems, without the need to upgrade every terminal or base station, the company said.

If your network supports WPA encryption, though, you should use that instead of WEP to protect your private data, Tews said.

"Depending on your skills, it will cost you some minutes to some hours to switch your network to WPA. If it would cost you more than some hours of work if such private data becomes public, then you should not use WEP anymore," he said.

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Peter Sayer

IDG News Service
Show Comments

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

David Coyle

Brother PocketJet PJ-773 A4 Portable Thermal Printer

I rate the printer as a 5 out of 5 stars as it has been able to fit seamlessly into my busy and mobile lifestyle.

Kurt Hegetschweiler

Brother PocketJet PJ-773 A4 Portable Thermal Printer

It’s perfect for mobile workers. Just take it out — it’s small enough to sit anywhere — turn it on, load a sheet of paper, and start printing.

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?