WEP/WPA Attacks Tutorial
Introduction to Wireless Security
Wireless networks are prone to various attacks due to the nature of their broadcast medium. Two of the most common security protocols for wireless networks are WEP (Wired Equivalent Privacy) and WPA (Wi-Fi Protected Access). While WEP is outdated and considered insecure, WPA is more secure but still has vulnerabilities.
Understanding WEP
WEP was the original encryption standard for wireless networks, introduced in 1997. It uses a static 40-bit key for encryption, which can be easily cracked using modern computing power. The main weaknesses of WEP include:
- Static Key: WEP uses a fixed key, making it vulnerable to key recovery attacks.
- Weak Initialization Vectors: The IVs are short, so they repeat, and every repeat reuses the same keystream under the static key, allowing attackers to analyze traffic.
Due to these vulnerabilities, WEP is no longer recommended for use in wireless networks.
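The two weaknesses listed above combine as follows. This is an added example, not code from the original tutorial: it shows that two frames encrypted under one static key and one repeated IV leak the XOR of their plaintexts. The key, IV and plaintexts are constructed sample values, the IV is WEP's 24-bit width, and the CRC-32 integrity value that real WEP frames carry is left out.

```python
import math

def rc4(key: bytes, data: bytes) -> bytes:
    """RC4: key scheduling, then XOR the data with the generated keystream."""
    s, j = list(range(256)), 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for byte in data:
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) % 256])
    return bytes(out)

def wep_encrypt(iv: bytes, key: bytes, plaintext: bytes) -> bytes:
    """WEP seeds RC4 with IV || static key; the IV travels in the clear."""
    return rc4(iv + key, plaintext)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def frames_until_iv_repeat(iv_bits: int = 24, probability: float = 0.5) -> int:
    """Birthday bound: frames with random IVs before a repeat is this likely."""
    return math.ceil(math.sqrt(2 * 2**iv_bits * math.log(1 / (1 - probability))))

# Constructed sample values, not taken from any real network.
KEY = bytes.fromhex("0102030405")        # static 40-bit key
IV = bytes.fromhex("a1b2c3")             # one 24-bit IV used for two frames
P1 = b"GET /index.html HTTP/1.1"         # frame whose content is guessable
P2 = b"user=alice&token=7f3a9c1"         # frame meant to stay secret

def iv_reuse_leak():
    """Return (c1 XOR c2, P2 recovered from that XOR and known P1)."""
    c1, c2 = wep_encrypt(IV, KEY, P1), wep_encrypt(IV, KEY, P2)
    leaked = xor(c1, c2)                 # keystream cancels out: equals P1 XOR P2
    return leaked, xor(leaked, P1)

if __name__ == "__main__":
    leaked, recovered = iv_reuse_leak()
    print("c1^c2 == p1^p2:", leaked == xor(P1, P2))
    print("recovered without the key:", recovered)
    print("frames for 50% chance of an IV repeat:", frames_until_iv_repeat())
```

With randomly chosen 24-bit IVs a repeat becomes likely after only a few thousand frames, which is why a longer key does not repair the design.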
Understanding WPA
WPA was introduced as a replacement for WEP in 2003. It includes improvements such as dynamic key management and uses TKIP (Temporal Key Integrity Protocol) to enhance security. However, WPA is not immune to attacks; some common vulnerabilities include:
- Dictionary Attacks: Attackers can use pre-computed tables to crack weak passwords.
- WPA-PSK Weakness: If a weak passphrase is used for WPA-Personal, it can be easily compromised.
WPA2, which uses AES encryption, is a more secure alternative to both WEP and WPA.
WEP Attacks
Common attacks against WEP include:
1. Passive Sniffing
Attackers can passively capture packets from the network to analyze traffic without actively engaging with the network.
Example Command to Capture Packets:
2. Active Attacks
Active attacks involve injecting packets into the network to speed up the cracking process. By generating more traffic, attackers can increase the chances of capturing the same IVs.
Example Command to Inject Packets:
WPA Attacks
Common attacks against WPA include:
1. WPA Handshake Capture
The WPA handshake can be captured when a device connects to the network. This handshake contains the information needed to attempt a password crack.
Example Command to Capture WPA Handshake:
2. Dictionary Attack
Once the handshake is captured, attackers can use tools to perform a dictionary attack, testing common passwords against the captured data.
Example Command to Perform Dictionary Attack:
Preventing WEP/WPA Attacks
To enhance security and prevent these types of attacks, consider the following measures:
- Use WPA2 with AES encryption for stronger security.
- Regularly update your wireless router firmware.
- Implement complex passwords and change them periodically.
- Use a VPN for an additional layer of security.
Conclusion
Wireless security is crucial for protecting sensitive data. Understanding the vulnerabilities of WEP and WPA can help network administrators take proactive measures to secure their networks. Always opt for the latest security protocols and regularly update your security practices to mitigate risks.