[ news_security_news ]
Why I Hacked My WEP Wireless Router
Paul McGillivary
Contributing Writer
2006-09-25
 Insider Reports RSS Feed
Part of securing your network must include looking at your wireless access points. Wireless access can be dangerous to your network.
Most people don't even know how easy it is to exploit wireless access points. Let me illustrate my point. I went out one afternoon and took my trusty laptop with me. The task this afternoon was to scan for "open" wireless access points. An "open" wireless access point is one that has absolutely no encryption, or security, on the signal. This allows anyone to listen in on your data stream. If you still don't get it, it's a very bad thing! So, I drove for about 2 miles through a small business district and apartment complex. What was the result? Oh, about 45 open wireless networks. That means that I could log onto those networks, scan it, and exploit machines connected to that network. I didn't do that, but you get my drift. The lesson here is to encrypt your wireless data stream.
Some people think that choosing WEP encryption offers great wireless security. They would be wrong. Your wireless router may have an option for WPA and WEP. You should always choose WPA security over WEP. Let me illustrate why. I set up a wireless network in my home. I enabled WEP security at 128 bit encryption. That's "strong" security for WEP. I wrote down the security key and then I started my test. My goal was to hack my own WEP wireless network. I thought it was going to be a really hard task. I was wrong.
I fired up my linux laptop. This particular Linux distribution, or flavor of Linux, was a security edition. This gave me all kinds of tools to scan for wireless networks and exploit them. A typical hacker will have all of these free tools at their disposal. I then fired up Kismet. Kismet is a great wireless scanning program. I found my wireless network in the list. I found the connected client and the access point, or router. Then I proceeded to do a typical type of attack on the network. Hackers need to grab what's called a "packet" from a computer that already has the key for the secured wireless network. The hacker can then use this packet to issue responses from the router. Why is this important? This allows the hacker to gather a tremendous amount of data from the access point. And this finally allows the hacker to crack the WEP security key.
So, I went about hacking my own WEP wireless router. I "deauthenticated" my computer that was already connected to the router. This gave me the packet I needed for the router. Then I started sending this packet to the router a lot. Once I had enough data from the router, I then passed it to a cracking program. Viola, it cracked the key in about 1 second. After the dust had settled, I had cracked my WEP security in less than 30 minutes! But would the typical user see that I was hacking? Probably not. The only thing they would see is that they lost their wireless connection for a moment. This is when I "deauthenticated" them from the network to grab the "packet" I needed.
Remember, I had my WEP encryption set to 128 bits. This is a high level of encryption. But it really doesn't matter. All a hacker needs is a signal a little time to crack that. Remember, hackers are like house thieves. They will go along the path of least resistance. The harder your wireless signal is to crack, the less likely you will be hacked. They will simply move along to the next "open" network or one with bad encryption. Do yourself a favor, and always choose WPA wireless security over WEP.
Add to  Del.icio.us |  Digg |  Yahoo! My Web |  Furl
Get all the updates in RSS: 
About the Author:
For more great technology tips, visit us at PaulTech:
http://www.gopaultech.com
More news_security_news Articles
Insider Reports RSS Feed
|
|
iEntry 10th Anniversary
RSS
Archive
