[WEP] Insecurity

Wayne E Baisley wbaisley@enspherics.com
Fri, 10 Aug 2001 15:37:52 -0500


Intern proves WLAN encryption protocol vulnerable
http://www.eet.com/story/OEG20010808S0042

MANHASSET, N.Y. -- A 20-year-old undergraduate student from Rice
University, Adam Stubblefield, has earned the distinction of being
the first to implement a devastating new attack on the wired
equivalent privacy (WEP) encryption protocol used in 802.11b wireless
local area networks. 

The attack, described in a recent paper by Fluhrer, Mantin & Shamir,
is the most deadly to date on the embattled protocol, allowing for
the rapid retrieval of the network key through passive means --
regardless of the key bit length.

Stubblefield, working as an intern at AT&T Labs (Florham Park, N.J.)
with AT&T research staff members John Ioannidis and Aviel Rubin, used
the $100 Prism II-based Linksys PC card and a Linux driver that could
capture encrypted WEP packets to perform the attack. Stubblefield's
attempt took just under a week, which included the time taken to
deliver the card, set up the testbed, perform debug and then finally
retrieve the key.

'Completely insecure'

"The implications are clear," Stubblefield said. "Basically, a
competent programmer who has access to the Shamir paper -- and
our paper to some degree -- could, in the space of under a week,
be able to do exactly what we did." While Stubblefield said he and
his coworkers won't be releasing their code, "someone else might, for
whatever reason. At that point, anyone can jump on it, and from there
everyone's network would be completely insecure."

A copy of Stubblefield's report can be found online through the Rice
University Web site.  http://www.cs.rice.edu/~astubble/wep_attack.pdf

For more technology news, visit http://www.eet.com

So how long before someone tosses Stubblefield in the pokey?  ;-)

Cheers,
Wayne