Following my last post about WEP being insecure, I think it's a good idea to explain why it is flawed and how easy it is to break a WEP key. The following information is for educational purposes only, and we would never recommend trying to hack a wireless router that does not belong to you. While I am not a lawyer, breaking into a wireless router would fall under the Computer Misuse Act 1990 and the Communications Act 2003. The Computer Misuse Act can lead to a fine and a five-year prison sentence.

The fundamental problem with WEP is that users rarely change the WEP key, while every packet carries an initialisation vector that is combined with that fixed key to form the RC4 traffic key. Because the WEP key stays constant, the per-packet RC4 key is determined entirely by the initialisation vector.

Therefore a hacker can assume that every encrypted packet captured is keyed by its initialisation vector alone. A 24-bit initialisation vector has around 17 million possible values, and by the birthday paradox it is very likely that among every 4096 packets sent (and captured by the hacker) two will share the same initialisation vector and therefore the same RC4 key. With many of the keys used being weak, it has been possible to break into a WEP-secured network within 3 minutes.
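As an added example (not from the original post), this is the birthday-paradox arithmetic behind the 4096-packet figure: given a 24-bit IV space, how likely is it that two captured packets already share an IV, and how many packets are needed before a repeat is more likely than not. It assumes IVs are chosen uniformly at random per packet; cards that used a simple counter follow a different pattern.

```python
"""Birthday-paradox estimate for WEP initialisation-vector reuse.

Added example, not code from the original post. Assumes each packet's
24-bit IV is drawn uniformly at random; a repeated IV under a fixed WEP
key means a repeated RC4 keystream, which is the weakness described.
"""
import math

IV_BITS = 24
IV_SPACE = 2 ** IV_BITS  # 16,777,216 possible IVs ("around 17 million")


def collision_probability(packets: int, space: int = IV_SPACE) -> float:
    """Exact probability that at least two of `packets` random IVs from a
    space of `space` values coincide: 1 - P(all distinct)."""
    if packets > space:
        return 1.0  # pigeonhole: more packets than IVs guarantees a repeat
    # log P(all distinct) = sum_{i<n} log(1 - i/N), summed in log space
    # so the product does not underflow for large packet counts.
    log_no_collision = math.fsum(math.log1p(-i / space) for i in range(packets))
    return 1.0 - math.exp(log_no_collision)


def approx_collision_probability(packets: int, space: int = IV_SPACE) -> float:
    """Textbook birthday approximation 1 - exp(-n^2 / 2N)."""
    return 1.0 - math.exp(-(packets ** 2) / (2.0 * space))


def packets_for_probability(target: float, space: int = IV_SPACE) -> int:
    """Smallest packet count at which the exact collision probability
    reaches `target` (0 < target < 1), found by binary search."""
    # The approximation gives a safe upper bound to search below.
    est = math.sqrt(2.0 * space * -math.log1p(-target))
    lo, hi = 1, min(space, int(2 * est) + 2)
    while lo < hi:
        mid = (lo + hi) // 2
        if collision_probability(mid, space) >= target:
            hi = mid
        else:
            lo = mid + 1
    return lo


if __name__ == "__main__":
    for n in (1000, 4096, 10000, 50000):
        print(f"{n:>6} packets: P(repeated IV) = {collision_probability(n):.3f} "
              f"(approx {approx_collision_probability(n):.3f})")
    print("packets for a 50% chance of a repeated IV:",
          packets_for_probability(0.5))
```

The output shows that the 4096-packet mark corresponds to roughly a 39% chance of a repeat, and that a repeat becomes more likely than not at around 4800 packets, a tiny fraction of normal traffic.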

The following videos show how easy it is to crack a WEP-encrypted network:

Cracking WEP

Cracking WEP in 1 min on a Mac