Defeating WEP with Aircrack for Windows
Published:
After recently finding five unsecured Linksys access points available from my own home I decided it was time to turn on WEP on my own wireless network. I previously had it disabled because there only one or two wireless networks in the neighborhood and I figured none of those neighbors would want to play hacker. That and my neigborhood gets zero outside car traffic.
It took me less than 5 minutes to set WEP up.
It took me less than 30 minutes to gather the data.
It took me less than 10 seconds to crack my own WEP key.
So how was it done? Well, I setup a 26 character 128bit WEP key on both my access points. I picked the one closest to me to crack. Then I just downloaded and followed the instructions for Aircrack. Once Airdump was running on my laptop (the hacker in my own test) I simulated traffic on my wireless network from the inside. I waited until I got a little more than 500,000 unique WEP IVs and started up Aircrack. Before I could figure out how the program worked my WEP key was given to me.
What does this mean? It’s been known for years that WEP is worthless. But what this really means, is that for busy wireless networks, WEP is not worthless, it’s a joke. The good news is my wireless network doesn’t normally generate this kind of traffic so the odds of getting hacked by a wardriver are slim. If I suddenly notice a bunch of directional antennas pointed towards my house - then it’s a whole different story.