WEP: Stick a fork in it

Tests show some vendors are lax about plugging WEP holes.

By Joel Snyder and Rodney Thayer
Network World, 10/04/04

Original Article on Network World Web Site

WEP is notoriously bad. We set out to find out just how bad.

The most egregious issue with WEP is its lack of key management. You pick an encryption key, give it to your users and then - typically - never change that key. Anyone who can recover your key can then decrypt all WEP traffic you've sent using it, compromise the privacy of your network and get a good handle on its access controls.

Based on several years of testing WEP products, we predicted the key recovery method employed by hacker tools such as WEPCrack and AirSnort (see How we did it) would be obsolete today because there are a variety of techniques that can defeat them. This round of testing proved that assumption dead wrong (see graphic, below). In addition to more than 40% of the products failing our WEP-cracking test, we found that some vendors actually have moved backward, meaning newer products might be more vulnerable to attack than older products.

Most vendors - trying to explain away the fact they are shipping code vulnerable to 3-year-old attacks - argued with us when we pointed to test results that showed their WEP implementations were cracked easily. Most justified their vulnerable WEP implementations by saying something akin to "if you were serious about security, you wouldn't be using WEP." That said, we still believe it's a bad idea to ship vulnerable products.

Although we checked with technical support regarding all products that failed our AirSnort test, only the three wireless switch vendors - Airespace, Aruba Wireless Networks and Trapeze Networks - went back to the lab and patched the holes for a retest.

AirSnort and WEPCrack aren't the only tools used to attack WEP. If you use 40-bit keys, there are tools such as KisMAC that can recover the key using brute force.

A number of the access point products we tested - including Belkin, Linksys and Netgear - have a "passkey" system, where you enter one password and all your WEP keys are generated. This technique often makes very "unrandom" WEP keys weaker than even 40-bit WEP keys.

Many vendors have built in what they call "high security" WEP, selecting keys that are longer than the industry-standard 104 bits. While that spins marketing wise, the technical point is pretty moot because trying to crack a 104-bit key with a brute force tool already will take longer than the projected life of the universe, so there is no need to go beyond that. But, on the downside, these non-standard longer keys cause interoperability issues.

So it's right to conclude that WEP is not the proper tool if you're serious about wireless security. Fortunately, most of the products we tested (all but the Linksys Cardbus wireless adapter) support better security.

Testing WEP security
Support for a wide variety of WEP flavors is common in access points, wireless switches and network interface cards, but many of the products we tested are very vulnerable to the 3-year-old key recovery technique available in the AirSnort tool.
Type Vendor AirSnort results WEP key support Supports weak WEP passphrase feature*
Wireless adapters

 

 

3Com Pass 40-, 104-, 128-bit keys Yes
Actiontec Fail 40-, 104-, 232-bit keys No
Apple Pass 40-, 104-bit keys Yes
Belkin Pass 40-, 104-bit keys No
Buffalo Pass 40-, 104-bit keys No
Cisco Pass 40-, 104-bit keys No
Linksys Fail 40-, 104-, 128-bit keys No
SMC Fail 40-, 104-, 128-bit keys No
Wireless access points 3Com Pass 40-, 104-, 128-bit keys Yes
Actiontec Fail 40-, 104-, 232-bit keys No
Belkin Pass 40-, 104-bit keys Yes
Buffalo Pass 40-, 104-bit keys No
Cisco Fail 40-, 104-bit keys No
Compex Fail 40-, 104-bit keys No
HP Fail 40-, 104-, 128-bit keys No
Linksys Pass 40-, 104-bit keys Yes
Netgear Fail 40-, 104-, 128-bit keys Yes
Netopia Fail 40-, 104-, 232-bit keys Yes
Proxim Fail 40-, 104-, 128-bit keys No
SMC Pass 40-, 104-, 128-bit keys No
Wireless switches Airespace Pass** 40-, 104-, 128-bit keys No
Aruba Pass** 40-, 104-bit keys No
Trapeze Pass** 40-, 104-bit keys No
*No is the preferable answer.
**Initially failed the test, but when we checked with support team, we were supplied with unvulnerable code.