Last week we showed you how to crack a Wi-Fi network’s WEP key using a live CD and some command line fu. Today we’ve got other cracking options—but more importantly, clarification on the point of all this.
Even Easier Ways to Crack WEP
The cracking method we covered last week involved typing in 10 tedious commands you can easily fat-finger. While there’s no super-simple GUI with a giant button that says “Crack this network” and plays James Bond theme music, a couple of windowed options are much more usable.
Enter the BSSID in the “Victim Mac” field of SpoonWep. Choose your Wi-Fi adaptor from the drop-down, set the channel, and launch your attack. Increase or decrease your injection rate using the slider. (Thanks to PrunellaIguana and RamonHans for pointing out SpoonWep.)
As for the BackTrack 4 pre-release, commenters point out that it supports more wireless cards and can crack passwords faster using aircrack-ptw. BT4 consistently froze on me, but I believe it was the version of the Alfa USB adaptor I was using that caused the problem, so your mileage will likely vary.
KisMACbuilt-in drivers KisMAC comes withlist of wireless adapters that work with those drivers
The clip demonstrates a “Weak Scheduling Attack” against a 40-bit key in action with KisMAC. Go full screen and high quality for best legibility.
Windows: aircrack-ng suite
As far as I can tell, there is no non-command line software you can install on Windows to crack WEP. There are plenty of tutorials on how to install the aircrack-ng suite on Windows and run it. I half-heartedly tried a few on my own but just went back to BackTrack 3. (If you’ve got to use the CLI anyway, might as well do it from a Linux image.) If your Cygwin-devoted heart is braver than mine, here’s how to install Aircrack-ng for Windows and a longer tutorial on how to crack WEP on Windows XP Pro SP2.
The Point: Now You Know How to Better Secure Your Wireless Network
Knowing how to crack WEP keys doesn’t mean you go out and actually break into people’s Wi-Fi networks. It means you’ve seen, firsthand, exactly how crackable WEP keys are. I’ve “known” for years now that WPA is more secure than WEP, but the bridge on my network offered WPA but couldn’t authenticate with it on my (old, cheap) router. It wasn’t until I wrote the article last week that I got an updated router that did work. That’s the power of seeing something in action you’ve normally got to wade through nefarious blackhat web sites to dial into.
This is a sticky issue, of course. But thanks to all of you, the comment thread on last week’s howto illuminated some of the best points about the wireless security issue. To recap:
WPA is crackable as well, but it’s more difficult (especially WPA2). A wired network is more secure than a Wi-Fi network because it’s more difficult to connect to it. But if wiring up your home isn’t an option—and let’s face it, it really isn’t something any one of us wants to do—opt for WPA2 where possible. As several commenters pointed out, WPA has been cracked in some circumstances as well, but it’s not done as easily as WEP. To explain, MaribelAlligator continues the “bathroom lock” analogy:
WPA is like a standard door lock; it’s a lot more secure, but it is still possible to get by for someone with the right tools, knowledge and circumstances. WPA2 is like a bank safe. It may be possible to defeat, depending on how it’s been set up, but it’s not realistically possible for anybody to actually do so… yet.
Filtering MAC addresses and hiding SSID’s doesn’t matter to folks who want to get in. A few commenters said they’ve stopped broadcasting their router’s SSID, and set up MAC address filtering, which only allows particular devices to connect to it. These measures will stop folks who don’t know what they’re doing, but not those who do. Spoofing a MAC address is very easy, and any network scanner worth its salt (including free ones like NetStumbler) detect networks with hidden SSIDs. To continue the bathroom lock analogy, MaribelAlligator said:
Not broadcasting your SSID is like taking the numbers off of your house – The house is still there and everyone can see it, it’s just a bit harder to find for people that don’t know what they are looking for already. Filtering by MAC address is like having a guard at the door that checks everyone’s name against a list to see if they can enter. The only problem is, he doesn’t ask for ID or remember what people look like, so anybody can listen in to see what names are allowed and then claim to be anybody else.
The bottom line: Protect your stuff using multiple layers of security. Whether your network is wired or wireless, open, WEP, WPA, or WPA2, take several measures to secure your important stuff. Password your network shares (choose good ones!), do virus and malware sweeps, back up your data, run firewalls—in short, don’t rely entirely on your wireless router’s password (whether it’s WEP encryption or not) to keep out intruders.
If you’ve got old devices that ONLY support WEP… Like everything in life, you’ve got to balance risk and reward. If your Nintendo DS only speaks WEP, and you want wireless access, use WEP knowing what the risks are. Ben D. makes a great point about WEP-only devices:
Make sure your firmware is up-to-date, and if it is, lobby the heck out of the manufacturers to start supporting WPA2. “I saw this article on Lifehacker”… It’s totally outrageous that any manufacturer-supported wireless device, in 2009, would only offer WEP.
Thanks to everyone who dropped knowledge in the comments on the previous tutorial. Now go forth and configure your wireless network as it should be.
Gina Trapani, Lifehacker’s founding editor, is finished with this Wi-Fi encrypted key-cracking business. For now. Her feature Smarterware appears every week on Lifehacker.