
WEP Is Dead, Haven't You Heard?

Wi-Fi Security: Cracking WPA With CPUs, GPUs, And The Cloud

Wired Equivalent Privacy (WEP) was the first security algorithm used by wireless networks to restrict access. It was originally introduced in 1999 as part of the 802.11 standard. However, it has long been considered to be a "broken" algorithm, and was effectively replaced by Wi-Fi Protected Access (WPA).

Recovering a WEP key out in the wild.

If you're still using WEP on an older wireless router, try not to feel too safe. The Wi-Fi Alliance abandoned WEP in 2003 because it's very easy to crack. With $20 and some basic technical know-how, a neighbor can procure your WEP password in about 10 minutes using publicly-available tools. It really is time to upgrade to at least WPA.

The process of breaking a WEP password can vary, but we've seen it done enough times that there's little reason to detail this bit of deviousness here on Tom's Hardware. Think of us like AMC's Breaking Bad. We're not here to show you how to cook meth. But our story hinges on the process. An enthusiast using WEP should know how easy it is to circumvent, and we did it so that you don't have to learn the hard way. To give you an idea of what's involved, we used Cain & Abel, Aircrack-ng, and an AirPcap Nx adapter to find a nearby network's WEP key in about five minutes. The length of the key doesn't affect recovery time, either.

Connecting to the cracked network after six minutes of effort.

The fundamental problem is that it's incredibly easy to eavesdrop on a WEP network and sniff out the information needed to crack the RC4 cipher backing the protocol. Even if there aren't enough packets traveling between the router and clients inside the network, it's possible to send packets in such a way as to simulate reply packets, which can then be used to find the key. It's even possible to forcibly boot users off a router in order to generate packets with authentication information. Scary stuff; avoid it at all costs if security truly matters to you.
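
To check whether an access point you own still advertises WEP, the Python code below (an added example, not part of the original article) classifies a network from the body of its 802.11 beacon frame: a set Privacy bit with no RSN or WPA element present means WEP. The function names, result labels and sample frames are constructed for illustration.

```python
import struct

WPA_VENDOR_PREFIX = bytes.fromhex("0050f201")  # OUI 00:50:F2, type 1 = WPA element
PRIVACY_BIT = 0x0010                           # capability bit: encryption required

def classify_beacon(body: bytes) -> str:
    """Classify a beacon frame body (the bytes after the 24-byte MAC header)."""
    if len(body) < 12:
        raise ValueError("beacon body is shorter than its 12 fixed bytes")
    # Fixed fields, little-endian: timestamp (8), interval (2), capability (2).
    _timestamp, _interval, capability = struct.unpack_from("<QHH", body, 0)
    has_rsn = has_wpa = False
    pos = 12
    while pos + 2 <= len(body):                # walk the tag/length/value elements
        tag, length = body[pos], body[pos + 1]
        value = body[pos + 2:pos + 2 + length]
        if len(value) < length:
            break                              # truncated element, stop parsing
        if tag == 48:                          # RSN element (WPA2 and later)
            has_rsn = True
        elif tag == 221 and value.startswith(WPA_VENDOR_PREFIX):
            has_wpa = True                     # vendor-specific WPA element
        pos += 2 + length
    if has_rsn:
        return "RSN (WPA2 or later)"
    if has_wpa:
        return "WPA"
    return "WEP" if capability & PRIVACY_BIT else "open"

def build_beacon(capability: int, elements) -> bytes:
    """Build a constructed beacon body for testing (hypothetical helper)."""
    body = struct.pack("<QHH", 0, 100, capability)
    for tag, value in elements:
        body += bytes([tag, len(value)]) + value
    return body

if __name__ == "__main__":
    # Constructed sample frames, not captured traffic.
    wmm = (221, bytes.fromhex("0050f202") + b"\x01\x01")  # vendor element, not WPA
    wpa = (221, WPA_VENDOR_PREFIX + b"\x01\x00")
    samples = {
        "legacy-ap": build_beacon(0x0011, [(0, b"legacy-ap"), wmm]),
        "home-wpa": build_beacon(0x0011, [(0, b"home-wpa"), wpa]),
        "home-wpa2": build_beacon(0x0011, [(0, b"home-wpa2"), (48, b"\x01\x00")]),
        "cafe": build_beacon(0x0001, [(0, b"cafe")]),
    }
    for ssid, body in samples.items():
        print(f"{ssid:10} {classify_beacon(body)}")
```

Any network this reports as WEP is a candidate for the upgrade to at least WPA recommended above.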
