Pretty much every home has a Wi-Fi network. While many of those networks may have no password, most people have password-protected their home network. What you may not know is that the password isn’t just used to restrict access to your Wi-Fi. It’s also used as an encryption key to encrypt the data being transmitted between your devices and your home router. This encryption protects you from hackers that may try to “listen” to the Wi-Fi transmissions and use that to hack into your network or monitor your internet activity.
At least, the encryption is supposed to protect you from hackers. Unfortunately, not all encryption is as strong as it should be. WEP, short for Wired Equivalent Privacy, is one such example. Research has shown, and publicly available tools demonstrate, that any Wi-Fi network using WEP can be broken into in as little as a minute.
What is WEP?
WEP was the only encryption option supported in the first Wi-Fi protocol release in 1997. The protocol is relatively simple when broken down. A 40-bit encryption key is combined with a randomly generated 24-bit Initialisation Vector (IV) to create a 64-bit “seed”. The seed gives the RC4 encryption cipher its starting point, from which it generates a binary keystream. The keystream is then XOR’d with the data to be encrypted, known as the “plaintext”, to create the “ciphertext”.
Tip: XOR is a logical operation that compares two binary values. XOR stands for “exclusive or”; its result is true (a binary 1) if exactly one of the two values is true, and false (a binary 0) if both are the same.
To decrypt and retrieve the plaintext, you just XOR the ciphertext with the same keystream again. The receiver can recreate the keystream because it knows the encryption key and is sent the IV in plaintext alongside each packet. When the encryption cipher is given the same seed, it produces the same keystream.
Weakness of WEP
This was the strongest the algorithm could be when it was written in 1997. At the time, encryption was legally classed as a munition and was therefore subject to strict export controls in the US.
Unfortunately, the legislated weakness of the encryption key meant that it was relatively easy to break WEP. In 2001 three security researchers published details of a passive attack on WEP that can be used to recover the encryption key by simply eavesdropping on the Wi-Fi traffic.
When using a stream cipher such as RC4, it is important to ensure that the same keystream is never used twice. This is why a random IV is used: it changes for each network packet sent, so the keystream is not identical every time, as it would be if just the encryption key were used. Unfortunately, a 24-bit IV is simply not long enough to provide enough possible combinations. After about 5000 network packets, there is a 50% chance that the same IV will have been used twice.
The problem with reusing an IV is that the same keystream is reused. In this case cryptanalysis (the analysis of cryptographic data) can be performed on the captured packets to determine the original encryption key.
In a heavily used network, more than 5000 packets can be sent in a single minute. Even if the network is not heavily used, it is possible for the attacker to trick devices into sending more packets. Software is now freely available that can perform the whole process in minutes.
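The encryption and decryption steps described above, and the reason IV reuse matters, can be seen in a small simulation. The code below is an added example, not part of the original article: it implements RC4 from the textbook description, builds the WEP-style seed as IV followed by key, and then shows that two packets encrypted under the same IV leak the XOR of their plaintexts without the key ever being known. The key, IV and messages are constructed sample values, and the collision estimate uses the standard birthday bound rather than any measurement.

```python
# Added example (not from the original article): a toy WEP-style scheme
# built on RC4, demonstrating
#   (1) decryption is the same XOR applied again,
#   (2) reusing an IV reproduces the keystream exactly, so XORing two such
#       ciphertexts cancels the keystream and exposes plaintext1 XOR plaintext2,
#   (3) roughly how many packets it takes before a random 24-bit IV repeats.
# Key, IV and messages below are constructed sample values.
import math
from typing import Optional


def rc4_keystream(seed: bytes, length: int) -> bytes:
    """Generate `length` bytes of RC4 keystream from `seed` (KSA then PRGA)."""
    s = list(range(256))
    j = 0
    for i in range(256):                      # key-scheduling algorithm
        j = (j + s[i] + seed[i % len(seed)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):                   # pseudo-random generation
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Bytewise XOR of two equal-length byte strings."""
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """WEP-style encryption: seed = IV || key (3-byte IV + 5-byte key = 64 bits).
    Returns IV || ciphertext, because WEP transmits the IV in the clear."""
    assert len(iv) == 3 and len(key) == 5
    keystream = rc4_keystream(iv + key, len(plaintext))
    return iv + xor_bytes(plaintext, keystream)


def wep_decrypt(key: bytes, frame: bytes) -> bytes:
    """Recreate the keystream from the transmitted IV and the shared key,
    then XOR it with the ciphertext to recover the plaintext."""
    iv, ciphertext = frame[:3], frame[3:]
    keystream = rc4_keystream(iv + key, len(ciphertext))
    return xor_bytes(ciphertext, keystream)


def keystream_reuse_leak(frame1: bytes, frame2: bytes) -> Optional[bytes]:
    """If two frames share an IV they share a keystream, so XORing the two
    ciphertexts yields plaintext1 XOR plaintext2 with no knowledge of the key.
    Returns None when the IVs differ (no reuse, nothing cancels)."""
    if frame1[:3] != frame2[:3]:
        return None
    n = min(len(frame1), len(frame2)) - 3
    return xor_bytes(frame1[3:3 + n], frame2[3:3 + n])


def iv_collision_probability(packets: int, iv_bits: int = 24) -> float:
    """Birthday-bound probability that at least one IV value repeats among
    `packets` independently chosen random IVs of `iv_bits` bits."""
    space = 2 ** iv_bits
    return 1.0 - math.exp(-packets * (packets - 1) / (2.0 * space))


def packets_for_half_chance(iv_bits: int = 24) -> int:
    """Smallest packet count at which an IV repeat is at least 50% likely."""
    n = 1
    while iv_collision_probability(n, iv_bits) < 0.5:
        n += 1
    return n


if __name__ == "__main__":
    key = b"\x01\x02\x03\x04\x05"              # constructed 40-bit key
    iv = b"\x0a\x0b\x0c"                       # constructed 24-bit IV
    f1 = wep_encrypt(key, iv, b"hello world")
    f2 = wep_encrypt(key, iv, b"HELLO WORLD")  # same IV reused by mistake
    print("decrypts to:", wep_decrypt(key, f1))
    print("p1 XOR p2 leaked:", keystream_reuse_leak(f1, f2).hex())
    print("packets for 50% IV repeat:", packets_for_half_chance())
```

Running it shows the leaked value equals `b"hello world"` XOR `b"HELLO WORLD"` exactly, and that the 50% threshold for a 24-bit IV lands just under 5000 packets, which is the figure the article quotes.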
When US encryption export restrictions were relaxed, the WEP protocol was upgraded to support larger encryption keys. However, uptake was not particularly widespread, and the protocol still suffered from a number of weaknesses. One such issue is its use of the RC4 algorithm, now widely regarded as too weak to be considered secure.
In 2003 WPA (short for Wi-Fi Protected Access) was released as an emergency replacement for the clearly weak and vulnerable WEP algorithm. A year later, in 2004, the full WPA2 protocol was released and became the Wi-Fi encryption standard, and WEP was officially deprecated.
Tip: Deprecation is the process of retiring a standard. It indicates that the deprecated standard should no longer be used.
What Wi-Fi encryption should you use?
Where available, the WPA3 protocol should be used, with WPA2 as the fallback. Given that WPA2 was released in 2004, only a small amount of even legacy hardware lacks support for it. In those situations WPA and WEP are still better than no encryption at all; however, you should be aware that anyone who wanted to access a WEP or WPA network would be able to do so with relative ease.