Posted by Deliverator on April 3rd, 2007
Wired Equivalent Privacy, aka WEP, the traffic encryption method still widely used on many 802.11b/g wireless networks, has been quite broken for at least several years. Easily downloaded tools such as Aircrack have enabled practical, real world breaking of WEP keys in 5-10 minutes. A security paper and associated code describing a much more efficient attack was recently released, which brings the total time necessary to find the WEP password for a wireless network down to as little as 1 minute with a 50% chance of success and about 2 minutes with a 85% chance. This attack doesn’t require special hardware/software to perform. Pretty much any laptop running *nix with two wireless adapters is capable of performing this attack. It used to be that you had to be worried if you saw a geeky guy sitting in a van in front of your house/business for hours on end. With small Linux devices like the Nokia 800, it is possible to run this sort of attack from one’s pockets simply by walking slowly past a target. Of course, it has also been possible to run this sort of attack at extreme distances using high gain antennas. WEP has been broken for a long time…now it is just more so.