If you haven't abandoned the use of Wired Equivalent Privacy (WEP) on your company's wireless LAN yet, there's no time like the present. It has been known for years that WEP can be broken as easily as a terrorism suspect stuck in a room with Jack Bauer, but a new paper by a trio of German researchers shows that compromising the widely used protocol is now completely trivial.
The paper, "Breaking 104 bit WEP in less than 60 seconds," demonstrates a technique through which an attacker can recover the WEP key by capturing just 40,000 frames. This is an improvement of about an order of magnitude over previously known attacks, the authors say. Indeed, the biggest challenge attackers faced in recovering a WEP key was the amount of time it took to capture the number of packets needed. This new technique is perfectly tailored for the attackers of the ADD generation: The number of frames needed can be obtained in less than a minute.
Security experts for years have been advising enterprises, as well as home users, to switch from WEP to Wi-Fi Protected Access 2 (WPA2), also known as 802.11i. WPA2 is a far stronger and more versatile encryption scheme and is supported by default in virtually all of the wireless access points on the market. In practice, it's not much more difficult to implement than WEP, but for whatever reason, many organizations have been reluctant to move to WPA2. Maybe it's simply inertia or a reluctance to mess with a configuration that's working, but sometime soon, those of you who are still holding out will need to make the switch.
It's important not to underestimate the role that WEP played in making users aware of the security challenges inherent in deploying a wireless network. As Wi-Fi use began to explode in the late 1990s and early part of this decade, almost no thought was given to securing these networks. Users loved the freedom of being able to work in airports, coffee shops and bookstores, and most of them wouldn't know an encryption algorithm from a venti latte, nor did they care. Many administrators figured that the security measures they had in place on their wired networks could be adapted to protect wireless LANs, but that turned out not to be the case. Soon enough the newspapers and trade journals were full of reports of hackers driving around downtown areas, sniffing Wi-Fi traffic, reading unsuspecting users' emails and launching DoS attacks. And, as surely as night follows day, a crop of wireless security vendors mushroomed up to capitalize on this new market.
The solution to these problems, some experts said, was comparatively simple: enabling WEP. Security experts knew as early as 2000 that WEP had problems that could allow a determined attacker to recover a user's key, but they also knew that it was better than nothing and would at least provide some baseline protection. Users and enterprises listened, and WEP quickly gained wide acceptance. Just as quickly, researchers began publishing papers pointing out the inherent flaws in WEP and advocating for more stringent security measures. Bill Arbaugh, Narendar Shankar and Y.C. Justin Wan wrote a seminal paper in 2001 that laid bare WEP's insecurity and showed how easily attackers could exploit it.
The public discussion of the problems and the search for solutions ultimately resulted in the development of WPA2 and also had the effect of raising the level of awareness about other dangers facing wireless LAN users. We now see public hotspots advertising their use of WPA2 and using security as a selling point. That would have been unimaginable a few years ago when access was all, and security was not even an afterthought. RIP WEP.
This was first published in April 2007