
Cracking WiFi security: "How we did it to WEP" - complete with instruction kit

by Staff Writer | posted on 15 May 2007


Last month, three researchers, Erik Tews, Andrei Pychkine and Ralf-Philipp Weinmann, developed an exploit. They showed that they could get the security code that protects WiFi access points using Wired Equivalent Privacy (WEP) in less than two minutes.

The original story gave the basic outline of a faster attack (based on a cryptanalysis of RC4 by Andreas Klein) that works with ARP packets and needs just 85,000 packets to crack the key with a 95 per cent probability. This means getting the key in less than two minutes.

Now Federico Biancuzzi has done an interview with the three researchers. All three are studying at Darmstadt University of Technology, Germany. Tews, 24, is a Bachelor student; Pyshkin, 27, and Weinmann, 29, are PhD students in Professor Johannes Buchmann's research group.

The story gives just about all the details of how they did it, including a couple of downloads to give you the necessary software.

What's it prove? Well, that nobody uses WEP except BT broadband? If it was a genuine security exploit, publishing the details like this would be a crime... but nobody seems bothered.

