WEP was never meant to secure a network, but was designed only to provide a WLAN with the level of security and privacy comparable to that expected of a wired LAN. This is clearly indicated by its full name, "Wired Equivalent Privacy". Recovering a WEP key is the equivalent of gaining physical access to a wired network. What happens next depends on the steps that have been taken to secure resources of the network itself.
Enterprises have long used authentication and sometimes VPNs to secure their wireless LANs. Unfortunately, most home users and many small businesses have neither the skills, the equipment nor, most importantly, the desire to control network access via authentication.
As we said at the beginning, a lot has changed in the two years since our original article. The tools have gotten better and more powerful, as anyone who uses the aircrack-ng suite will agree.
But the wireless landscape has changed, too. Users are finally moving to WPA and WPA2 security instead of WEP. This trend could actually accelerate with the transition to draft 11n, which achieves its best secured speeds with WPA2, and falls back to 802.11g speeds when WEP is used. And even users who haven't yet moved to WPA/WPA2 are at least running WEP. So maybe they are listening to all of the warnings after all.
We're sure no one who reads SmallNetBuilder would be foolish enough to be using WEP, as WEP cracking isn't exactly new. But think about your friends and family. Perhaps they aren't aware of the limitations of their chosen encryption. Some may not even be aware that encryption is required! Kevin was appalled to find that half the WEP-encrypted networks he could see had hardware less than a year old, provided by British Telecom, one of the largest suppliers of broadband in the UK!
Remember, with great power comes great responsibility! Use your new skills to show friends, family and co-workers that their WEP-encrypted networks provide only an illusion of security.
We would like to thank the following people and sites that helped us produce this article:
- Christophe Devine and all the contributors to the aircrack-ng suite
- Max Moser and the rest of the remote-exploit team for BackTrack
- UmInAsHoE over at governmentsecurity.org
- David and others over here for tips on using the Ralink chipset.