1. Introduction

Wired Equivalent Privacy (WEP) is arguably the weakest encryption protocol. Despite what its name suggests, the WEP standard was found to be flawed and highly vulnerable. Sadly, WEP is still regularly found on many wireless access points and devices.

Another thing makes WEP even more vulnerable: in earlier years, many routers’ setup pages guided users to type a 10-digit number as the WEP passcode during initial setup. There was nothing wrong with the instructions, but many users couldn’t come up with a better idea than using their 10-digit phone number. Many of our former clients ran their WiFi that way too: WEP for protection, with their phone number printed large on their signage.

Image source : http://www.verizon.com/support/smallbusiness/internet/highspeed/networking/setup/questionstwo/87453.htm


WEP is vulnerable in many ways, but its initialization vectors (IVs) are one of the main reasons. IVs are only 24 bits long, meaning that the entire pool of IVs can be exhausted in a short period of time.
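To put numbers on the 24-bit IV, here is an added example (not part of the original post) that computes how quickly IVs repeat and, going one step beyond the text, shows what a repeated IV costs: two frames encrypted under the same IV leak the XOR of their plaintexts. The key (the passcode from this post read as 10 hex digits), the IV value, the sample frames and the 1000 frames/s rate are constructed assumptions.

```python
import math

IV_BITS = 24  # WEP IV length, as stated above

def rc4(key: bytes, n: int) -> bytes:
    """Return n bytes of RC4 keystream for `key`."""
    s, j = list(range(256)), 0
    for i in range(256):                       # key scheduling
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(n):                         # keystream generation
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def wep_encrypt(iv: bytes, key: bytes, plaintext: bytes) -> bytes:
    """WEP seeds RC4 with IV || shared key for every frame (ICV omitted here)."""
    return xor(plaintext, rc4(iv + key, len(plaintext)))

def frames_until_repeat(prob: float = 0.5) -> int:
    """Birthday bound: random IVs needed for a repeat with probability `prob`."""
    return math.ceil(math.sqrt(2 * 2**IV_BITS * math.log(1 / (1 - prob))))

def hours_to_exhaust(frames_per_second: float) -> float:
    """Time for a sequential IV counter to wrap around at a given frame rate."""
    return 2**IV_BITS / frames_per_second / 3600

def reuse_leaks_xor(iv: bytes, key: bytes, p1: bytes, p2: bytes) -> bool:
    """True when two frames under the same IV expose p1 XOR p2 without the key."""
    c1, c2 = wep_encrypt(iv, key, p1), wep_encrypt(iv, key, p2)
    return xor(c1, c2) == xor(p1, p2)

if __name__ == "__main__":
    key = bytes.fromhex("1234567890")          # constructed: 10 hex digits = 40-bit key
    iv = bytes.fromhex("a1b2c3")               # constructed 24-bit IV
    print("IV pool size:", 2**IV_BITS)
    print("frames for a 50% chance of an IV repeat:", frames_until_repeat())
    print("hours to wrap at 1000 frames/s (assumed):", round(hours_to_exhaust(1000), 2))
    print("same IV leaks plaintext XOR:",
          reuse_leaks_xor(iv, key, b"frame-one!", b"frame-two!"))
```

The fix is not a longer passcode: the IV is sent in the clear and is too short regardless of the key, which is why the mitigation is to leave WEP altogether.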


2. Closer Look

In this post we will demonstrate how easily a WEP passcode can be cracked. Needless to say, DO NOT ATTEMPT ANY OF THE FOLLOWING STEPS AGAINST OTHERS’ NETWORKS.

First, boot up Kali and open a terminal. The tool we will use today is “Wifite”.

Wifite comes with many options, but we only need ‘--wep’ for the job.


command: wifite --wep



After a few seconds, Wifite will display a list of the WEP networks it has found. Once you recognize your SSID, press Ctrl+C and Wifite will ask which SSID you’d like to choose. Ours was “Cisco”, so we chose 1.



Once you have chosen your SSID, the rest is just waiting for enough IVs to be collected. Depending on how complicated your WEP passcode is, it could be as short as watching one YouTube ad. If your WEP network is live and actively used, it shouldn’t take too long; otherwise it could take a long, long while.

If you are performing this with a spare router that is completely isolated from any connections, you might want to hook it up to your main router for a few minutes so that the spare router carries enough traffic for IV collection. Connecting one home router behind another is always a bad idea, but if your spare router has no connections to anything else, the wait for IV collection could easily and dramatically stretch to something like A DAY.


Now, Wifite was able to crack the passcode for “Cisco”, which was “1234567890”.


3. Mitigation

So, if WEP is this vulnerable, how do we mitigate the issue? The easiest way is simply to change your wireless encryption mechanism to WPA/WPA2.

Will it cost you much? Highly unlikely. Chances are very good that your old, dusty, left-alone-god-knows-where-and-for-how-long router already has this function. If you are one of those using your phone number as the WEP key, you might need to change it to something else when you implement WPA/WPA2, but that’s about it.


