Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

Researchers Put Nail in WEP's Coffin

Already-weak encryption protocol now can be cracked in three seconds

Its first flaws were exposed more than six years ago, but WEP continues to be one of the industry's most popular means of encrypting wireless transmissions. Now German researchers say they've found a hack that might put the flawed protocol down once and for all.

Speaking at a conference in Hamburg, Germany over the weekend, three researchers from the Darmstadt University of Technology demonstrated their ability to extract a WEP encryption key from an intercepted stream of data in about three seconds.

Wired Equivalent Privacy, which was first shown to be insecure when researchers cracked the RC4 key scheduling algorithm in 2001, has been remarkably stubborn in its growth over the years.

In a study conducted last year, security vendor RSA found that roughly 78 percent of all wireless LAN and WiFi systems found in Paris were encrypted with WEP, compared to only 69 percent in the previous year. In London, RSA found that WEP usage increased to 74 percent of all wireless networks in 2006, up from 65 percent in 2005. In New York, 75 percent of networks found used WEP defenses in 2006, up from 62 percent in 2005.

WEP's growth is attributed mostly to its wide use in wireless hardware. Despite a long string of reports demonstrating various ways to crack the code, vendors continue to include it in their systems, and users -- many of whom don't understand its weaknesses -- continue to use it in their everyday wireless communications. WEP is incorporated into the IEEE's 802.11 standards, which makes it standard-issue on most wireless devices.

In a paper presented this weekend, however, Erik Tews, Ralf-Philipp Weinmann, and Andrei Pyshkin made a strong case that users should never employ WEP, even if it is available on their machines.

"While arguably still providing a weak deterrent against casual attackers in the past, the attack described in this paper greatly improves the ease with which the security measure can be broken and will likely define a watershed moment in the arena of practical attacks on wireless networks," the researchers state.

In a nutshell, the paper describes a method for extending the original RC4 vulnerability to the entire WEP protocol, making it possible to extract the 104-bit WEP key from an intercepted data stream using a 1.7 GHz Pentium M processor.

The researchers emphasized that the crack can be done with a relatively low-performance device, and might even be done with a PDA or mobile phone.

But while the Darmstadt researchers discouraged the use of WEP, one vendor announced a method to reduce the vulnerabilities in WEP transmissions. AirDefense last week unveiled its WEP Cloaking Module, a method of enveloping WEP traffic in a stream of dummy data traffic that uses a different key.

"Our technology enables companies to preserve their existing, and often considerable, investment in wireless devices -- even after their security life-span has seemingly expired," says Mike Potts, president and CEO of AirDefense. The cloaking technology, which is offered as part of the AirDefense suite, is available now.

— Tim Wilson, Site Editor, Dark Reading

  • AirDefense Inc.
  • RSA Security Inc. (Nasdaq: EMC) Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one ... View Full Bio

    Comment  | 
    Print  | 
    More Insights
  • Comments
    Newest First  |  Oldest First  |  Threaded View
    Data Leak Week: Billions of Sensitive Files Exposed Online
    Kelly Jackson Higgins, Executive Editor at Dark Reading,  12/10/2019
    Intel Issues Fix for 'Plundervolt' SGX Flaw
    Kelly Jackson Higgins, Executive Editor at Dark Reading,  12/11/2019
    Register for Dark Reading Newsletters
    White Papers
    Video
    Cartoon
    Current Issue
    The Year in Security: 2019
    This Tech Digest provides a wrap up and overview of the year's top cybersecurity news stories. It was a year of new twists on old threats, with fears of another WannaCry-type worm and of a possible botnet army of Wi-Fi routers. But 2019 also underscored the risk of firmware and trusted security tools harboring dangerous holes that cybercriminals and nation-state hackers could readily abuse. Read more.
    Flash Poll
    Rethinking Enterprise Data Defense
    Rethinking Enterprise Data Defense
    Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
    Twitter Feed
    Dark Reading - Bug Report
    Bug Report
    Enterprise Vulnerabilities
    From DHS/US-CERT's National Vulnerability Database
    CVE-2019-5252
    PUBLISHED: 2019-12-14
    There is an improper authentication vulnerability in Huawei smartphones (Y9, Honor 8X, Honor 9 Lite, Honor 9i, Y6 Pro). The applock does not perform a sufficient authentication in a rare condition. Successful exploit could allow the attacker to use the application locked by applock in an instant.
    CVE-2019-5235
    PUBLISHED: 2019-12-14
    Some Huawei smart phones have a null pointer dereference vulnerability. An attacker crafts specific packets and sends to the affected product to exploit this vulnerability. Successful exploitation may cause the affected phone to be abnormal.
    CVE-2019-5264
    PUBLISHED: 2019-12-13
    There is an information disclosure vulnerability in certain Huawei smartphones (Mate 10;Mate 10 Pro;Honor V10;Changxiang 7S;P-smart;Changxiang 8 Plus;Y9 2018;Honor 9 Lite;Honor 9i;Mate 9). The software does not properly handle certain information of applications locked by applock in a rare condition...
    CVE-2019-5277
    PUBLISHED: 2019-12-13
    Huawei CloudUSM-EUA V600R006C10;V600R019C00 have an information leak vulnerability. Due to improper configuration, the attacker may cause information leak by successful exploitation.
    CVE-2019-5254
    PUBLISHED: 2019-12-13
    Certain Huawei products (AP2000;IPS Module;NGFW Module;NIP6300;NIP6600;NIP6800;S5700;SVN5600;SVN5800;SVN5800-C;SeMG9811;Secospace AntiDDoS8000;Secospace USG6300;Secospace USG6500;Secospace USG6600;USG6000V;eSpace U1981) have an out-of-bounds read vulnerability. An attacker who logs in to the board m...