Kits that crack WEP and guess WPA keys are popular despite hacking laws
Dodgy salesmen in China are making money from long-known weaknesses in a Wi-Fi encryption standard, by selling network key-cracking kits for the average user.
Wi-Fi USB adapters bundled with a Linux operating system, key-breaking software and a detailed instruction book are being sold online and at China's bustling electronics bazaars. The kits, pitched as a way for users to surf the Web for free, have drawn enough buyers and attention that one Chinese auction site, Taobao.com, had to ban their sale last year.
With one of the "network-scrounging cards," or "ceng wang ka" in Chinese, a user with little technical knowledge can easily steal passwords to get online via Wi-Fi networks owned by other people.
To crack a WEP key, the applications exploit weaknesses in the protocol that have been known for years. For WPA, they capture data being transmitted over the wireless network and target it with a brute-force attack to guess the key.
Security researchers said they did not know of similar kits sold anywhere besides China, even though tutorials on how to crack WEP have been online for years.
Depending on many factors, WEP keys can be extracted in a matter of minutes," Muts said. "I believe the record is around 20 seconds."
The brute-force attacks on WPA encryption are less effective. But while WEP is outdated, many people still use it, especially on home routers, said one security researcher in China. That means an apartment building is bound to have WEP networks for a user to attack.
No comments:
Post a Comment