Most offices these days have their airspace saturated with wireless networks. It’s amazing therefore, with the ubiquity of wireless routers and hubs that there are still so many connections that are on the lowest encryption available. WEP. Possibly because the hardware in use only has that encryption available but you’d be surprised.
It’s quite trivial these days to crack a WEP password. A post in a forum I saw a couple of weeks back had a 12 second record! A fundamental flaw in the way WEP recycles its encryption key over and over means that if you collect enough packets, the key can be easily decrypted.
I did a quick scan of the local office space around ourselves this morning and was interested, but not surprised to find that out of 24 wireless networks, 7 were using WEP and 8 were using WPA(1). Whilst WPA is quite secure it’s still possible to obtain the key via brute force. WPA2 would take much much much longer and uses a different (and better) encryption than WPA(1), TKIP vs AES if you care.
Let’s focus on WEP. 7 out of 24 networks are vulnerable to attack. That’s almost 30%! I took the laptop down into our local town centre car park and obtained a similar proportion of WEP networks. It seems people just are not getting the message.
Some may say, well it does not matter, there’s nothing of interest on our network! Just remember, any attacker can now use that network to connect to the internet and by definition, that network is responsible for their actions. ‘Someone else used my network’ has proved not to be an adequate defence in the eyes of the law in music copyright infringement cases at least.
Most hardware these days can deal with WPA/WPA2. Ensure it is used to protect your network.