Rest in pieces, WEP: Retire your WEP based WLAN equipment today
According to Alexander's Holy Weblog, a recently published paper describes a devastating new attack on WEP-enabled WLANs that breaks WEP in a matter of seconds.
The research paper, by Andrea Bittau and Mark Handley (both researchers at University College London) and Joshua Lackey (Microsoft), can be found here: http://www.cs.ucl.ac.uk/staff/M.Handley/papers/fragmentation.pdf. The new attack relies on packet fragmentation and on the known 8-byte LLC/SNAP headers to speed up decryption.
As Alexander comments "...Basically it is so efficient it renders WEP useless. Totally useless. The method described in the paper breaks WEP in seconds. That said, mechanisms like EAP, changing WEP keys every few minutes, are useless as well. To prove their point, the paper refers to a tool called "wesside". The paper claims it can break many WEP networks in seconds. (For the curious: The tool is written for FreeBSD, and relies on low level functions of the Atheros WLAN card. Source is provided here: http://www.cs.ucl.ac.uk/staff/a.bittau/frag-0.1.tgz). Rest assured that someone has ported this to other platforms and alternate hardware by now.
To illustrate the gravity of the situation: according to the paper, typically around 76% of WLANs in the London Area are secured by WEP, in the Seattle Area an estimated number of 85% is given. Only 20% (London)/14% (Seattle) of WLANs use WPA, practically no one uses 802.11i.
The consequence: Switch from WEP to WPA or 802.11i. Retire all your WEP-only equipment today. Methods relying on frequent change of WEP keys will no longer save you..."
WEP protection is certainly rather old, and all users should switch to the newer WPA.
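To find the WEP-only equipment that needs retiring, here is an added example (not from the paper or the quoted weblog) that classifies access points from raw beacon frames: a set privacy bit with neither an RSN element (802.11i) nor a WPA vendor element indicates WEP. The function names and sample beacons are constructed for illustration, and frames are assumed to carry no radiotap header or FCS.

```python
import struct

PRIVACY_BIT = 0x0010                      # capability flag: data frames are encrypted
TAG_SSID, TAG_RSN, TAG_VENDOR = 0, 48, 221
WPA_OUI_TYPE = bytes.fromhex("0050f201")  # Microsoft OUI + type 1 = WPA element

def parse_tags(body):
    """Yield (tag_id, value) pairs from tagged parameters; stop at a truncated element."""
    i = 0
    while i + 2 <= len(body):
        tag, length = body[i], body[i + 1]
        value = body[i + 2:i + 2 + length]
        if len(value) < length:
            break
        yield tag, value
        i += 2 + length

def classify_beacon(frame):
    """Return (ssid, protection) for one raw 802.11 beacon frame."""
    if len(frame) < 36 or frame[0] != 0x80:   # 0x80 = management frame, subtype beacon
        raise ValueError("not a beacon frame")
    (capability,) = struct.unpack_from("<H", frame, 34)  # 24 header + 8 timestamp + 2 interval
    ssid, has_rsn, has_wpa = "", False, False
    for tag, value in parse_tags(frame[36:]):
        if tag == TAG_SSID:
            ssid = value.decode("utf-8", "replace")
        elif tag == TAG_RSN:
            has_rsn = True
        elif tag == TAG_VENDOR and value.startswith(WPA_OUI_TYPE):
            has_wpa = True
    if not capability & PRIVACY_BIT:
        return ssid, "open"
    return ssid, ("802.11i" if has_rsn else "WPA" if has_wpa else "WEP")

def make_beacon(ssid, capability, extra=b""):
    """Build a constructed sample beacon; addresses and timestamp are dummy values."""
    header = bytes([0x80, 0, 0, 0]) + b"\xff" * 6 + b"\x02\x00\x00\x00\x00\x01" * 2 + b"\x00\x00"
    fixed = b"\x00" * 8 + struct.pack("<HH", 100, capability)
    name = ssid.encode()
    return header + fixed + bytes([TAG_SSID, len(name)]) + name + extra

# Constructed sample input, not captured traffic.
RSN_IE = bytes([TAG_RSN, 6]) + bytes.fromhex("0100000fac04")   # version 1, CCMP group cipher
WPA_IE = bytes([TAG_VENDOR, 6]) + WPA_OUI_TYPE + b"\x01\x00"   # version 1
SAMPLES = [make_beacon("legacy-ap", 0x0011), make_beacon("office", 0x0011, RSN_IE),
           make_beacon("guest", 0x0001), make_beacon("old-wpa", 0x0011, WPA_IE)]

if __name__ == "__main__":
    for beacon in SAMPLES:
        print(*classify_beacon(beacon))
```

Any network reported as `WEP` is a candidate for the replacement the post calls for.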