Slashdot Mirror


WEP Cracking for Mac OS X

Randar the Lava Liza writes "Finally there is a tool to put default Apple AirPort hardware into monitoring mode for wireless security analysis. KisMAC is a variant of Kismet that runs natively on Mac OS X. It requires a special driver to be installed to run the AirPort hardware in monitoring mode, and has built-in WEP cracking tools once enough weak packets have been sniffed."

29 comments

  1. Great by AndyAMPohl · · Score: 1, Troll

    The submitter makes it sound like this is good news. What's so good about rooting for hackers? Maybe it's crackers I'm thinking of. I never know what is a good faith gesture from these guys. If you're going to try and fix a problem with some security thing, why not just point out what the problem is and how to reproduce it? Why go to the bother of making robust cracking software to exploit that particular problem unless you're actually a bad person doing bad things with a computer?

    Andy

    1. Re:Great by Anonymous Coward · · Score: 5, Insightful

      One of the reasons why, after a vulnerability has been discussed, an easy-to-use exploit is a good thing is the tendency of higher-ups to disregard security risks which are only exploitable by a select few. WEP is not what its name suggests, but it is still the only line of defense in many wireless networks because the risk of being attacked still appears to be low. That has got to change.

    2. Re:Great by tbmaddux · · Score: 3, Insightful
      Why go to the bother of making robust cracking software to exploit that particular problem unless you're actually a bad person doing bad things with a computer?
      Such software in general needn't only be used by blackhats. Whitehats can use it to test the security of their own systems.

      In this particular case, it could be used to see how exposed the rest of the internal network is to a lousy security scheme (WEP).

      Besides, these tools already exist on other platforms, so it's not like the blackhats suddenly have something they didn't have before to make our lives miserable.

      --
      Can't you see that everyone is buying station wagons?
    3. Re:Great by AndyAMPohl · · Score: 0

      I agree.

    4. Re:Great by sco08y · · Score: 2, Insightful

      Yup. If I wanted to make the case that we still need a VPN even with WEP to a suit, it would be nice to actually crack the WiFi network and give them proof. Especially if I could show that someone could just sit outside the building and break it.

    5. Re:Great by Permission+Denied · · Score: 5, Informative
      Consider this analogy:

      MacOS X Server 10.1 used netinfo for authentication of client machines. The way it worked is that password hashes were stored in netinfo and netinfo was readable to the world (e.g., it posted /etc/passwd on the Internet).

      The bosses would not believe this was a problem until I showed them how I could download all the password hashes from any arbitrary machine on the Internet and subsequently ran a cracker which found a large number of weak passwords.

      In fact, they failed to see the scope of the problem (it was completely debilitating) as they only saw me typing a bunch of commands and their eyes glazed over. If there were some point-and-click Mac toy that would download the hashes, run Crack in the background and report results, it may have convinced them of just how serious a problem it was. In fact, I considered writing such a GUI tool because I'm genuinely concerned about shops that buy MacOS X Server and don't have a *nix admin.

      Similarly, some people still don't understand that WEP is 100% useless (you can break it from a Palm for God's sake). I recommend completely turning off WEP so your users understand that any traffic going over wireless is world-readable. This may convince them to avoid plain-text password protocols and check that when they type their credit card numbers the site is using strong SSL. I've seen people send their credit card numbers over email, so this is absolutely necessary.

      WEP crackers are not in any way "hacker" or "cracker" tools, and I doubt they are widely used for illegitimate purposes - I would venture that many more people use netstumbler and airsnort to convince others that WEP is useless. Lowering the bar so there's some point-and-click tool that your grandmother can download is a good thing, since there is nothing "hard" about cracking WEP and people need to understand that.

    6. Re:Great by stoney27 · · Score: 1


      Besides, these tools already exist on other platforms, so it's not like the blackhats suddenly have something they didn't have before to make our lives miserable.


      Now they can do it with style. The TiBooks are very C00L ;)

      -S

      --

      It is said that a child learns wisdom from the parent,
      but the truly wise parent learns joy from the child
  2. Good/Bad by Tug3 · · Score: 4, Interesting

    I would say this is good news.

    At least I have been waiting for one. There is definite (legal) use for this, when you have to test your company's / other network. And especially if you have to prove the vulnerability to your boss.

    I know it's been available for ages to Linux platform, but as a TiBook user I had to use someone else's laptop for this. Now it's finally available for OS X...
    OK, I know you can use it for criminal activity too. But, as it is available on other platforms already I don't see the problem with it becoming available for new ones too... ...after all you can use even your car for good or bad - not even mentioning firearms... (Well, seems that I just did.)

    --
    If all else fails, pull the plug and get out...
    The Life is out there...
    1. Re:Good/Bad by Anonymous Coward · · Score: 0

      >>OK, I know you can use it for criminal activity too.

      And (I agree with you) just because someone *CAN* use something for criminal activity, does not make it illegal. This goes for many things, from VCRs to knives to guns to cars to paper to hammers to computers. ;-)

  3. Apple Laptops are not ideal for WiFi hacking by siferhex · · Score: 3, Interesting

    Because of the inaccessibility of AirPort cards in Apple's laptops it's difficult to attach an external antenna to the cards. Without an external antenna one tends to be much more conspicuous sniffing a network as you've got to be in the thick of it.

    IMHO this release is a good thing, as people mostly want to scout out their own networks to help set up coverage, monitor interference, etc. and Kismet is an excellent program for doing so.

    1. Re:Apple Laptops are not ideal for WiFi hacking by Rommel · · Score: 1

      I think Apple's laptops already have an antenna. It's not external to the laptop, but it is external to the card itself.

      Do WiFi sniffers use extra big external antennas?

    2. Re:Apple Laptops are not ideal for WiFi hacking by martingunnarsson · · Score: 1

      Yes, they have built-in antennas (just like the new iMacs), but if you want to sniff a wireless network you probably want to have some kind of long range antenna.

      --
      Martin
    3. Re:Apple Laptops are not ideal for WiFi hacking by sco08y · · Score: 2, Informative

      You're in the thick of it, granted, but as far as they can tell you haven't got any 802.11b card at all. You can tell them, hey, I'm just using my laptop. Go look for someone with an external antenna.

    4. Re:Apple Laptops are not ideal for WiFi hacking by sco08y · · Score: 1

      Just typing on my iBook now... it's actually quite accessible, only you'd have to pop the keyboard off. Since this only takes a few moments, I don't think it'd be a huge issue.

    5. Re:Apple Laptops are not ideal for WiFi hacking by Anonymous Coward · · Score: 0

      There is a built-in antenna, it's around the LCD on iBook and PowerBook, not on the card itself. Attached to the airport card is a little black wire running to the antenna.

    6. Re:Apple Laptops are not ideal for WiFi hacking by anarkhos · · Score: 2

      I have a new TiPB and it isn't as easy. You have to remove the bottom panel.

      If I heavily get into 802.11b I'll likely look for an easier way. However by then cracking tools will be available for 3rd party cards like the EnGenius Senao or whatever.

      --
      >80 column hard wrapped e-mail is not a sign of intelligent
      >life
  4. How long will it be... by Anonymous Coward · · Score: 0

    ...before this shows up on Leo Laporte's iBook?

  5. bah! by 1155 · · Score: 1

    anyone got a mirror, this seems to be appledotted... :)

    Actually, this is a good thing, I can finally convince my employer that maybe it's not such a good idea, as anyone with a mac can login.

    1. Re:bah! by Pathwalker · · Score: 3, Informative

      Yep - seems to be down now.

      If you want the binary, you can grab it from my box here - I didn't save any of the web pages.

    2. Re:bah! by bearded_yak · · Score: 1
    3. Re:bah! by bearded_yak · · Score: 1

      Never mind, thought their site pointed to somewhere else for the file. It just points to the same site, which still has some problems apparently.

  6. Is all WEP protection useless? by Anonymous Coward · · Score: 0

    I'm using alleged 128-bit WEP encryption. Are y'all saying it's useless?

    1. Re:Is all WEP protection useless? by Toy+G · · Score: 0

      It's not useless, it's simply not reliable enough from a security pov: almost everyone could crack it in less than an hour (much, much less).

      For a good security policy, you should use WEP AND other things, like VPN.

      --
      -- Let's go Viridian.
    2. Re:Is all WEP protection useless? by andyhuey · · Score: 1

      I'm using alleged 128-bit WEP encryption. Are y'all saying it's useless?
      A line I've heard repeated a few times recently is that turning WEP on is basically enough to indicate to people that your network is private. Honest, courteous, people will understand that and keep out. Anyone who's determined to break in, though, will have a fairly easy time of it.
      What I'm curious about is whether or not anyone has come up with a wireless access point that integrates something more robust on top of WEP, in a consumer-friendly, easy-to-use way.

  7. Kismac not related to kismet by Anonymous Coward · · Score: 5, Informative

    Just for the record - kismac is NOT a variant of kismet. Kismac is, to the best of my knowledge, closed source and as such is unrelated to the Kismet GPL codebase.

    For those interested, Kismet SHOULD have native OSX support, also using the viha drivers, in the 2.8 release. Stay tuned to the development changelogs. Anyone interested in furthering development (I don't have an OSX box) is welcome to drop by in #kismet on openprojects.net

    -dragorn

  8. Fuck Yeah! by Anonymous Coward · · Score: 4, Interesting

    It's about time OS X got decent wifi drivers! From what I can tell, it's really the ViHa driver we have to thank here. KisMAC is just a pretty Cocoa frontend.

    Since reading the story yesterday, I've already found a number of non-broadcast networks in my area that MacStumbler couldn't see.

    The Viha driver removes your network interface, though, so ifconfig en1 says interface en1 does not exist and you can't sniff with ethereal et al while scanning. KisMAC dumps pcap files though, so you can examine your captured data after the fact with the tool of your choice.

    Thanks much to the ViHa people for writing this awesome driver!

  9. AirPort Secured Against Weak Packets? by Anonymous Coward · · Score: 0

    I've been doing a bit of research, and it looks like AirPort has been secured against the weak packets needed to break WEP. On a pair of 10.2.2 machines with the latest Airport updates, I have been unable to collect any weak packets with the 1st Mac being a software base station, with uploads and downloads to it. I've tried both 40 and 128bit encryption, and it's all coming up negative. Has Apple secured itself (at least the software portion) against these WEP attacks? If so, there's one more thing to boast about with a Mac.