The ease of hacking a WEP network
But the really scary part is what can be done with that WEP key. I went into AirPcap’s control panel, where I was able to register the WEP key I’d found, and then I fired up a copy of the network hacker’s favourite tool Wireshark. Because my WEP key was now registered I was able to capture all the network traffic on my test wireless LAN in a fully decrypted form.
In real-time I was able to watch packets of data, comprising emails sent and received, websites visited, web forms completed, and so on. Thanks to the injection facilities that exist in the AirPcap hardware, if I’d wanted to be really nasty I could have also joined the network, pretending to be one of its existing laptops or workstations.
With knowledge of the WEP key I could even set up a dummy access point that some network users might roam on to, and I’d then have full control over their connections. Just imagine the possibilities.
It’s possible to crack WPA, too, although it takes a little longer, because the only sensible way to do it is a brute-force dictionary trawl to find the password
It’s possible to crack WPA, too, although it takes a little longer, because the only sensible way to do it is a brute-force dictionary trawl to find the password.
However, bear in mind that hackers have massive 100GB dictionaries available to them that don’t just contain words but also phrases, common number sequences and just about any clever password combination that you might try to think up.
So if you really must use WPA, please ensure your password is a totally random sequence of characters, including upper- and lower-case letters, numbers and punctuation marks. Anything else is just too easy to discover.
I must admit that I had some qualms about writing this column, and even emailed editor Tim Danton to check that he was happy for me to publish details about how easy it is to crack Wi-Fi security. But we both came to the same conclusion:
a) All this info is available on the web, if you know where to look for it; and b) It’s only by showing you how easy it is to crack your Wi-Fi wide open, and what damage could be done thereby, that you’ll realise that WPA2 really is the minimum security standard that you should allow anywhere near your wireless network.