Wireless LANs (WLANs) are becoming increasingly popular. They're extremely convenient for laptop users and for home networks: no need for cables all over the place, just sniff the air waves and connect. Obviously, this poses a risk: anyone with a WLAN-enabled computer can look around, see which WLANs are there to be found, and come in to have a look. While IT professionals (hopefully) understand these risks, the average home user or DIY adept might just unpack his new toys, set them up, and leave the wireless network unprotected. Happens all the time. After all, buyers expect things to work "out of the box" - so vendors sell their stuff so that it will.
WLANs used to be secured through WEP (Wired Equivalent Privacy): without the right key, it would be impossible to decrypt the data flying around on the air waves. Unfortunately, WEP encryption proved quite weak and can easily be broken. What follows is a 5 step intrusion guideline: it shows how easy it can be to get access to a wireless network. It is based on a commercial from a company that sells security ... (used to be at http://www.lucidlink.com/wireless_hackers.asp -- link is now dead), and a small tutorial made by someone at www.governmentsecurity.org (link gone stale, but cached here).
Here's a screenshot of NetStumbler:
In order to calculate the WEP key (in step 3), you'll need to capture data. The stronger the encryption (longer keys), the more data you'll need to be able to calculate the key. E.g. you will need between 200000 and 700000 IVs (initialization vectors) to be able to crack a 128 bit WEP key.
With enough data to analyse, it's quite simple to find a valid decryption key:
Once you have a key, decrypting is a piece of cake.
With Ethereal, captured data is presented in human-readable form, allowing you to look for usernames and passwords being transmitted (so you can use these to log on), or to read mail and chat while it's being transferred ...
The purpose of this article is to illustrate how cracking and intrusion can be done, so that people can check if any of the above methods could be applied against their systems. This article should not, in any way, be seen as a manual for or encouragement to criminal activity of any kind.
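One way to run that check on your own network, as an added example that is not part of the original article: the script classifies access points from scan output as open, WEP or WPA/WPA2, so the unprotected and WEP-only ones stand out. It assumes scan text in the layout printed by `iw dev <iface> scan`; the sample records are constructed, and the WEP verdict is a heuristic (Privacy capability set, but no WPA or RSN element advertised).

```python
import re

# Constructed sample in the layout printed by `iw dev <iface> scan`;
# BSSIDs and SSIDs are made up, not captured from a real network.
SAMPLE_SCAN = (
    "BSS 02:00:00:00:00:01(on wlan0)\n"
    "\tSSID: home-open\n"
    "\tcapability: ESS ShortSlotTime (0x0401)\n"
    "BSS 02:00:00:00:00:02(on wlan0)\n"
    "\tSSID: home-wep\n"
    "\tcapability: ESS Privacy ShortSlotTime (0x0411)\n"
    "BSS 02:00:00:00:00:03(on wlan0)\n"
    "\tSSID: home-wpa2\n"
    "\tcapability: ESS Privacy ShortSlotTime (0x0411)\n"
    "\tRSN:\t * Version: 1\n"
)

def classify(scan_text):
    """Map each BSSID to (ssid, verdict); verdict is OPEN, WEP or WPA/WPA2."""
    # cur starts as a throwaway dict so lines before the first BSS are ignored
    aps, cur = {}, {}
    for line in scan_text.splitlines():
        m = re.match(r"BSS ([0-9a-f:]{17})", line)
        if m:  # a new access point record starts here
            cur = aps[m.group(1)] = {"ssid": "", "privacy": False, "wpa": False}
            continue
        field = line.strip()
        if field.startswith("SSID:"):
            cur["ssid"] = field[5:].strip()
        elif field.startswith("capability:"):
            cur["privacy"] = "Privacy" in field.split()
        elif field.startswith(("RSN:", "WPA:")):
            cur["wpa"] = True
    verdicts = {}
    for bssid, ap in aps.items():
        if not ap["privacy"]:
            verdict = "OPEN"      # no encryption at all
        elif not ap["wpa"]:
            verdict = "WEP"       # heuristic: Privacy bit without WPA/RSN element
        else:
            verdict = "WPA/WPA2"
        verdicts[bssid] = (ap["ssid"], verdict)
    return verdicts

def weak_networks(scan_text):
    """Return the sorted SSIDs that are unencrypted or WEP-only."""
    return sorted(s for s, v in classify(scan_text).values() if v in ("OPEN", "WEP"))

if __name__ == "__main__":
    print(weak_networks(SAMPLE_SCAN))
```

Any of your own access points that show up in the `weak_networks` result should be moved to WPA2 or better.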
Some of my opinions about cracking can be found here.
Updated April 2008: