P
PaxProSe
Apr 04, 2014

How insecure is a WEP encrypted wireless network?

One of my friends has her small business’s wireless network secured with WEP encryption. I’ve suggested that she should change to WPA/WPA2 and advised her that WEP was obsolete, but I can’t seem to get her to pay any attention. Exactly how insecure is WEP and how can I prove it to her?

jellyfish25
06/25/2014

This is the 2nd time in the past week I've seen WEP described as "Wireless Encryption network". While it may seem right and there is some weak encryption involved, I believe the correct expansion of the acronym is "Wired Equivalent Privacy"

jimlynch
04/09/2014
WEP Flaws
http://en.wikipedia.org/wiki/Wired_Equivalent_Privacy#Flaws

"Because RC4 is a stream cipher, the same traffic key must never be used twice. The purpose of an IV, which is transmitted as plain text, is to prevent any repetition, but a 24-bit IV is not long enough to ensure this on a busy network. The way the IV was used also opened WEP to a related key attack. For a 24-bit IV, there is a 50% probability the same IV will repeat after 5000 packets.

In August 2001, Scott Fluhrer, Itsik Mantin, and Adi Shamir published a cryptanalysis of WEP that exploits the way the RC4 ciphers and IV are used in WEP, resulting in a passive attack that can recover the RC4 key after eavesdropping on the network. Depending on the amount of network traffic, and thus the number of packets available for inspection, a successful key recovery could take as little as one minute. If an insufficient number of packets are being sent, there are ways for an attacker to send packets on the network and thereby stimulate reply packets which can then be inspected to find the key. The attack was soon implemented, and automated tools have since been released. It is possible to perform the attack with a personal computer, off-the-shelf hardware and freely available software such as aircrack-ng to crack any WEP key in minutes."
r
riffin
04/04/2014

Another thing that might get her to pay attention is to point out all of the recent data breaches and how much harm it has caused for companies like Target. That’s something a small business definitely wants to avoid, and as the earlier reply pointed out, WEP can be easily penetrated with just a little effort. It might be marginally adequate for home use if there aren’t other people/houses nearyby, but that’s about it at this point.

D
Dr. Rose
04/04/2014

WEP was the first standardized way of securing wireless networks. It encrypts your data – which is good – but doesn’t do so well enough to stop people from eavesdropping – which is bad.

Although WEP is a little better than not securing your wireless network at all, it has a weakness, and everyone knows what that weakness is. If you use WEP, anyone can crack your code in minutes and start using your WiFi – and monitoring everything you do online. This could mean kids using your wireless to download Movies illegally, or it could mean criminals stealing your identity. Either way, it’s not worth it.


I just found the following tutorial on the internet that teach you how to crack your own WEP network, so maybe showing this tutorial can convince her to improve her Wifi security :
http://www.makeuseof.com/tag/crack-wep-network-find-insecure/

 

Hope it could help.

Answer this
ASK a question
250