The ease of hacking a WEP network
Whenever I write about Wi-Fi I always try to include a few lines encouraging you to set up your networks with WPA2 security, and I know that several of my fellow columnists have said exactly the same thing.
But as I travel around the country, I still see countless wireless networks with WEP or WPA (without the 2) level security. I know why some of you do this: you have legacy laptops or other mobile devices whose drivers only support WEP security. But I also know (because I’ve had this conversation by email with several readers) that if I suggest you chuck out these devices, you’ll resist and tell me that WEP is secure enough because it keeps most people out.
Well, perhaps I can shock you into changing your mind. You probably believe that if someone breaks into your wireless network the worst they can do is use your connection for some dodgy downloads, but what you may not realise is that once a hacker has your WEP key, they can also see all your network traffic.
They can see your usernames, passwords, bank balances, and perhaps even a list of those “special” websites you visit when you’re home alone.
To demonstrate how this works, I’m going to use a MetaGeek product (no, I’m not on its payroll, just a satisfied customer) called AirPcap Tx, which is short for Air Packet Capture.
Like the Wi-Spy devices, this is a USB2 dongle, but this one is designed to capture everything on a particular Wi-Fi channel: not only the data addressed to a particular client, and not only data frames either.
AirPcap Tx captures control and management frames, too. It enables you to inject data and control frames back into an existing Wi-Fi connection, which makes it a pretty scary tool that could easily be abused.
It’s also readily purchasable by mail order, so it’s important that you know what a neighbour could do if they had one. With an AirPcap Tx plugged into my laptop and a copy of some software called Cain & Abel, I was easily able to discover the WEP key that I’d set up for a test network.
I simply captured a few hours’ worth of network activity from the WEP-enabled network, then clicked an option to analyse the results, and in a few seconds it returned the details of my WEP key. If this had been an office environment rather than my own test setup, I’d have been able to perform the same crack with just a few minutes of data.
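The earlier point, that anyone holding the WEP key can read everyone's traffic, follows from how WEP builds each frame: every client encrypts with RC4 keyed by a per-frame IV (sent in the clear) followed by the same shared network key. The sketch below is an added illustration, not code from this column or from any tool it mentions; the key, IVs and payloads are constructed sample values, and `read_all` is a hypothetical helper name.

```python
import zlib


def rc4(key: bytes, data: bytes) -> bytes:
    """RC4 stream cipher (the cipher WEP uses); encrypting and decrypting are the same."""
    s = list(range(256))
    j = 0
    for i in range(256):                      # key scheduling
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:                         # keystream XORed onto the data
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def wep_encapsulate(shared_key: bytes, iv: bytes, payload: bytes) -> bytes:
    """Frame body = cleartext IV (3 bytes) + key-ID byte + RC4(payload + CRC-32 ICV)."""
    icv = zlib.crc32(payload).to_bytes(4, "little")
    return iv + b"\x00" + rc4(iv + shared_key, payload + icv)


def wep_decapsulate(shared_key: bytes, body: bytes):
    """Return the payload, or None when the ICV does not verify (wrong key)."""
    plain = rc4(body[:3] + shared_key, body[4:])   # IV is read straight off the frame
    payload, icv = plain[:-4], plain[-4:]
    return payload if zlib.crc32(payload).to_bytes(4, "little") == icv else None


# Constructed sample data: one 104-bit network key shared by two different clients.
NETWORK_KEY = bytes.fromhex("0102030405060708090a0b0c0d")
FRAMES = [
    wep_encapsulate(NETWORK_KEY, b"\x10\x20\x30", b"client A: user=alice pass=hunter2"),
    wep_encapsulate(NETWORK_KEY, b"\x77\x01\x9c", b"client B: GET /account/balance"),
]


def read_all(key: bytes):
    """What any holder of `key` recovers from frames sent by every client."""
    return [wep_decapsulate(key, frame) for frame in FRAMES]


if __name__ == "__main__":
    print(read_all(NETWORK_KEY))
```

WPA2 avoids this particular property by deriving separate session keys per client, which is one reason the advice to move off WEP matters even on a network where you trust everyone who knows the passphrase.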