Slashdot Mirror


Feds Hack Wireless Network in 3 Minutes

xs3 writes "At a recent ISSA (Information Systems Security Association) meeting in Los Angeles, a team of FBI agents demonstrated current WEP-cracking techniques and broke a 128-bit WEP key in about three minutes. Special Agent Geoff Bickers ran the PowerPoint presentation and explained the attack, while the other agents (who did not want to be named or photographed) did the dirty work of sniffing wireless traffic and breaking the WEP keys. This article will be a general overview of the procedures used by the FBI team."

6 of 501 comments

  1. Not too surprising by SeanTobin · Score: 0, Offtopic

    They didn't do a full brute force on the key (which takes around a gig of captured packets and a few CPU-hours to do). What they did was exploit the fact that many wireless APs allow you to select a pass-phrase and generate a set of keys from that. They then ran a dictionary attack against the pass-phrases and checked the resulting keys. Not a bad job, but they could do much better. Here's how:

    First, the first 24 bits of the key are transmitted in clear text. This allows you to narrow the field of keys by 2^24. Not too useful on its own - but...

    Secondly, pre-compute the keys of all words in a dictionary attack. Select only the resulting keys whose first 24 bits match your target. You now have ((dictionary size*4) / 2^24) keys to check through. (Dictionary size is multiplied by 4 since most APs allow you to select one of four keys for any given pass-phrase.)

    Now, this will handle most novices who set up their router with a weak passkey. For defense against this attack, simply don't use a password/phrase. MD5ing a certain length of /dev/urandom and using that as a passkey is almost certain to thwart this attack, although it can still be brute forced with enough captured data and CPU time.

    Of course, if you really care about people sniffing your traffic, you should be using IPsec anyway.

    --
    Karma: SELECT `karma` FROM `users` WHERE `userid`=138474;
  2. Re:takes me longer than 3 minutes by ahsile · Score: 0, Offtopic

    ... ... ...
    bwa ha ha ha ha ha.

    This is so true.

  3. one word: by Run4yourlives · Score: 0, Offtopic

    email.

  4. teh Fedz got mad skillz by Anonymous Coward · Score: 0, Offtopic

    FBI r l33t!

  5. Re:And I always thought... by ch-chuck · Score: 0, Offtopic

    that's what they want you to think.

    --
    try { do() || do_not(); } catch (JediException err) { yoda(err); }
  6. Re:First DEAD BEEF by intangible · Score: 0, Offtopic

    Somehow, I read "Bad Boob" in there.
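
Added example, not part of the thread or of any commenter's post: the defense described in comment 1 (take the key from /dev/urandom instead of a pass-phrase), together with a check that flags an existing key that looks like typed text. It reads the key bytes straight from /dev/urandom rather than MD5-hashing them; the function names `gen_wep_key` and `is_typed_key` and the sample key are constructed for illustration.

```shell
#!/bin/sh
# Added example (constructed; not from the thread).

# gen_wep_key BYTES: print BYTES random bytes from /dev/urandom as hex.
# 5 bytes is the secret part of "64-bit" WEP, 13 bytes of "128-bit" WEP;
# the remaining 24 bits of each are the per-packet IV, sent in the clear.
gen_wep_key() {
    nbytes=${1:-13}
    case "$nbytes" in
        5|13) ;;
        *) echo "key length must be 5 or 13 bytes" >&2; return 2 ;;
    esac
    od -An -N"$nbytes" -tx1 /dev/urandom | tr -d ' \n'
    echo
}

# is_typed_key HEXKEY: succeed (exit 0) when every byte is printable ASCII
# (0x20-0x7e), i.e. the key was probably typed as a word or phrase.
# Exit 1 for a key with non-printable bytes, 2 for malformed input.
is_typed_key() {
    key=$(printf '%s' "$1" | tr 'A-F' 'a-f')
    case "$key" in
        ''|*[!0-9a-f]*) echo "not a hex key" >&2; return 2 ;;
    esac
    [ $(( ${#key} % 2 )) -eq 0 ] || { echo "odd digit count" >&2; return 2; }
    while [ -n "$key" ]; do
        rest=${key#??}
        byte=${key%"$rest"}
        val=$(( 0x$byte ))
        if [ "$val" -lt 32 ] || [ "$val" -gt 126 ]; then
            return 1
        fi
        key=$rest
    done
    return 0
}

# Demo: a constructed typed key ("password12345" in hex) and a fresh random key.
for k in 70617373776f72643132333435 "$(gen_wep_key 13)"; do
    if is_typed_key "$k"; then
        echo "$k: all printable ASCII, replace with a random key"
    else
        echo "$k: not typed text"
    fi
done
```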