Slashdot Mirror


Feds Hack Wireless Network in 3 Minutes

xs3 writes "At a recent ISSA (Information Systems Security Association) meeting in Los Angeles, a team of FBI agents demonstrated current WEP-cracking techniques and broke a 128-bit WEP key in about three minutes. Special Agent Geoff Bickers ran the PowerPoint presentation and explained the attack, while the other agents (who did not want to be named or photographed) did the dirty work of sniffing wireless traffic and breaking the WEP keys. This article will be a general overview of the procedures used by the FBI team."

10 of 501 comments

  1. fr1st by Anonymous Coward · · Score: -1, Offtopic

    ps0t

  2. Not too surprising by SeanTobin · · Score: 0, Offtopic

    They didn't do a full brute force on the key (which takes around a gig of captured packets and a few CPU-hours to do). What they did was exploit the fact that many wireless APs allow you to select a pass-phrase and generate a set of keys from that. They then ran a dictionary attack against the pass-phrases and checked the resulting keys. Not a bad job, but they could do much better. Here's how:

    First, the first 24 bits of the key are transmitted in clear text. This allows you to narrow the field of keys by 2^24. Not too useful on its own - but...

    Secondly, pre-compute the keys of all words in a dictionary attack. Select only the resulting keys whose first 24 bits match your target. You now have ((dictionary size*4) / 2^24) keys to check through. (Dictionary size is multiplied by 4 since most APs allow you to select one of four keys for any given pass-phrase.)

    Now, this will handle most novices who set up their router with a weak passkey. For defense against this attack, simply don't use a password/phrase. MD5ing a certain length of /dev/urandom and using that as a passkey is almost certain to thwart this attack, although it can still be brute forced with enough captured data and CPU time.

    Of course, if you really care about people sniffing your traffic, you should be using IPsec anyway.

    --
    Karma: SELECT `karma` FROM `users` WHERE `userid`=138474;
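
The defense described in the comment above, as an added example that is not part of the original thread: it derives a 64- or 128-bit WEP key from /dev/urandom via MD5 and, going beyond the comment, flags keys whose bytes are all printable ASCII (a sign the key was typed as text rather than generated). Function names are hypothetical, and `md5sum` (or BSD `md5`) is assumed to be installed.

```shell
#!/bin/sh
# Added example, not code from the thread; function names are hypothetical.

# Hex digits of secret key per WEP size: the advertised 64/128 bits
# include the 24-bit IV, leaving 40/104 secret bits.
wep_hex_len() {
    case "$1" in
        64)  echo 10 ;;
        128) echo 26 ;;
        *)   return 1 ;;
    esac
}

# MD5 of stdin as bare hex (md5sum on Linux, md5 on BSD/macOS).
md5_hex() {
    if command -v md5sum >/dev/null 2>&1; then md5sum | cut -d' ' -f1
    else md5; fi
}

# Key as described in the comment: MD5 over a block of /dev/urandom,
# truncated to the key length. The unpredictability comes from urandom.
gen_wep_key() {
    len=$(wep_hex_len "$1") || { echo "unsupported size: $1" >&2; return 1; }
    dd if=/dev/urandom bs=64 count=1 2>/dev/null | md5_hex | cut -c "1-$len"
}

# True only for a key of exactly the right length made of hex digits.
is_valid_wep_key() {
    len=$(wep_hex_len "$1") || return 1
    [ "${#2}" -eq "$len" ] || return 1
    case "$2" in *[!0-9A-Fa-f]*) return 1 ;; esac
    return 0
}

# True if every byte is printable ASCII, i.e. the key was probably typed
# as text instead of generated. Expects an already validated hex key.
is_typed_text_key() {
    k=$1
    while [ -n "$k" ]; do
        byte=${k%"${k#??}"}      # first two hex digits
        k=${k#??}                # rest of the key
        v=$((0x$byte))
        [ "$v" -ge 32 ] && [ "$v" -le 126 ] || return 1
    done
    return 0
}

key=$(gen_wep_key 128) && is_valid_wep_key 128 "$key" && echo "128-bit WEP key: $key"
```
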
  3. FP by Anonymous Coward · · Score: -1, Offtopic

    First Post Linux Rocks!!!

  4. Re:takes me longer than 3 minutes by ahsile · · Score: 0, Offtopic

    ... ... ...
    bwa ha ha ha ha ha.

    This is so true.

  5. In Soviet Russia by elasticwings · · Score: -1, Offtopic

    Wireless Encryption cracks you!!!

  6. one word: by Run4yourlives · · Score: 0, Offtopic

    email.

  7. Re:Those Crazy Feds by TheLink · · Score: -1, Offtopic

    BTW here's my tip for luggage:
    1) Try not to keep really valuable stuff in your luggage.
    2) If you don't want your luggage to be "lost"/put on the "wrong flight":
    a) Don't make the contents appear strange in a luggage scanner - don't put stuff inside stuff or things like that, or put clocks in metallic containers...
    b) Don't make it too hard to crack open.

    Otherwise:
    1+2a) people will want to crack open your luggage to find out/get what's inside.

    2b) They may run out of time trying to break into it (legally or illegally), and delay it for the next flight (or take it all).

    It's just conjecture, but why else would they need 2-3 hour checkins for int'l flights ;). A lot of bags to sift through and open...

    Maybe one could make a resealable hole in luggage so that the snoops can poke around with an optic fibre camera and see what's inside.

  8. teh Fedz got mad skillz by Anonymous Coward · · Score: 0, Offtopic

    FBI r l33t!

  9. Re:And I always thought... by ch-chuck · · Score: 0, Offtopic

    that's what they want you to think.

    --
    try { do() || do_not(); } catch (JediException err) { yoda(err); }
  10. Re:First DEAD BEEF by intangible · · Score: 0, Offtopic

    Somehow, I read "Bad Boob" in there.