Slashdot Mirror


WEP Cracking for Mac OS X

Randar the Lava Liza writes "Finally there is a tool to put default Apple AirPort hardware into monitoring mode for wireless security analysis. KisMAC is a variant of Kismet that runs natively on Mac OS X. It requires a special driver to be installed to run the AirPort hardware in monitoring mode, and has built-in WEP cracking tools once enough weak packets have been sniffed."

11 of 29 comments

  1. Good/Bad by Tug3 · · Score: 4, Interesting

    I would say this is good news.

    At least I have been waiting for one. There is a definite (legal) use for this, when you have to test your company's / other network. And especially if you have to prove the vulnerability to your boss.

    I know it's been available for ages on the Linux platform, but as a TiBook user I had to use someone else's laptop for this. Now it's finally available for OS X...
    OK, I know you can use it for criminal activity too. But, as it is available on other platforms already I don't see the problem with it becoming available for new ones too... after all, you can even use your car for good or bad - not even mentioning firearms... (Well, seems that I just did.)

    --
    If all else fails, pull the plug and get out...
    The Life is out there...
  2. Re:Great by Anonymous Coward · · Score: 5, Insightful

    One of the reasons why, after a vulnerability has been discussed, an easy-to-use exploit is a good thing is the tendency of higher-ups to disregard security risks which are only exploitable by a select few. WEP is not what its name suggests, but it is still the only line of defense in many wireless networks because the risk of being attacked still appears to be low. That has got to change.

  3. Apple Laptops are not ideal for WiFi hacking by siferhex · · Score: 3, Interesting

    Because of the inaccessibility of AirPort cards in Apple's laptops it's difficult to attach an external antenna to the cards. Without an external antenna one tends to be much more conspicuous sniffing a network as you've got to be in the thick of it.

    IMHO this release is a good thing, as people mostly want to scout out their own networks to help set up coverage, monitor interference, etc. and Kismet is an excellent program for doing so.

    1. Re:Apple Laptops are not ideal for WiFi hacking by sco08y · · Score: 2, Informative

      You're in the thick of it, granted, but as far as they can tell you haven't got any 802.11b card at all. You can tell them, hey, I'm just using my laptop. Go look for someone with an external antenna.

    2. Re:Apple Laptops are not ideal for WiFi hacking by anarkhos · · Score: 2

      I have a new TiPB and it isn't as easy. You have to remove the bottom panel.

      If I heavily get into 802.11b I'll likely look for an easier way. However by then cracking tools will be available for 3rd party cards like the EnGenius Senao or whatever.

      --
      >80 column hard wrapped e-mail is not a sign of intelligent
      >life
  4. Re:Great by tbmaddux · · Score: 3, Insightful
    Why go to the bother of making robust cracking software to exploit that particular problem unless you're actually a bad person doing bad things with a computer?
    Such software in general needn't only be used by blackhats. Whitehats can use it to test the security of their own systems.

    In this particular case, it could be used to see how exposed the rest of the internal network is to a lousy security scheme (WEP).

    Besides, these tools already exist on other platforms, so it's not like the blackhats suddenly have something they didn't have before to make our lives miserable.

    --
    Can't you see that everyone is buying station wagons?
  5. Re:Great by sco08y · · Score: 2, Insightful

    Yup. If I wanted to make the case that we still need a VPN even with WEP to a suit, it would be nice to actually crack the WiFi network and give them proof. Especially if I could show that someone could just sit outside the building and break it.

  6. Re:Great by Permission+Denied · · Score: 5, Informative
    Consider this analogy:

    MacOS X Server 10.1 used netinfo for authentication of client machines. The way it worked is that password hashes were stored in netinfo and netinfo was readable to the world (e.g., it posted /etc/passwd on the Internet).

    The bosses would not believe this was a problem until I showed them how I could download all the password hashes from any arbitrary machine on the Internet and subsequently ran a cracker which found a large number of weak passwords.

    In fact, they failed to see the scope of the problem (it was completely debilitating) as they only saw me typing a bunch of commands and their eyes glazed over. If there were some point-and-click Mac toy that would download the hashes, run Crack in the background and report results, it may have convinced them of just how serious a problem it was. In fact, I considered writing such a GUI tool because I'm genuinely concerned about shops that buy MacOS X Server and don't have a *nix admin.

    Similarly, some people still don't understand that WEP is 100% useless (you can break it from a Palm for God's sake). I recommend completely turning off WEP so your users understand that any traffic going over wireless is world-readable. This may convince them to avoid plain-text password protocols and check that when they type their credit card numbers the site is using strong SSL. I've seen people send their credit card numbers over email, so this is absolutely necessary.

    WEP crackers are not in any way "hacker" or "cracker" tools, and I doubt they are widely used for illegitimate purposes - I would venture that many more people use netstumbler and airsnort to convince others that WEP is useless. Lowering the bar so there's some point-and-click tool that your grandmother can download is a good thing, since there is nothing "hard" about cracking WEP and people need to understand that.

  7. Re:bah! by Pathwalker · · Score: 3, Informative

    Yep - seems to be down now.

    If you want the binary, you can grab it from my box here - I didn't save any of the web pages.

  8. Kismac not related to kismet by Anonymous Coward · · Score: 5, Informative

    Just for the record - kismac is NOT a variant of kismet. Kismac is, to the best of my knowledge, closed source and as such is unrelated to the Kismet GPL codebase.

    For those interested, Kismet SHOULD have native OSX support, also using the viha drivers, in the 2.8 release. Stay tuned to the development changelogs. Anyone interested in furthering development (I don't have an OSX box) is welcome to drop by in #kismet on openprojects.net

    -dragorn

  9. Fuck Yeah! by Anonymous Coward · · Score: 4, Interesting

    It's about time OS X got decent wifi drivers! From what I can tell, it's really the ViHa driver we have to thank here. KisMAC is just a pretty Cocoa frontend.

    Since reading the story yesterday, I've already found a number of non-broadcast networks in my area that MacStumbler couldn't see.

    The Viha driver removes your network interface, though, so ifconfig en1 says interface en1 does not exist and you can't sniff with ethereal et al while scanning. KisMAC dumps pcap files though, so you can examine your captured data after the fact with the tool of your choice.

    Thanks much to the ViHa people for writing this awesome driver!