What Is WEP Wi-Fi Encryption & Why Is It Really Insecure?
Whatsapp Pinterest

what is wep keyIf you’ve set up a wireless network before, you’ve probably read or been told to use WPA2 instead of WEP, because WEP is bad. Why is that? And what is WEP anyway?

Good questions. WEP was the first standardized way of securing wireless networks. It encrypts your data – which is good – but doesn’t do so well enough to stop people from eavesdropping – which is bad. The main problem with WEP is that it’s been solved, meaning anyone can break into a WEP network using freely available tools.

Imagine if a particular kind of lock for a door could be opened using only a credit card – just slide the card beneath the latch, pull up and you’re in. That’s a problem, right? Anyone who knows about this weakness could open any door using this lock.

Now imagine if most people knew that this particular kind of door could be easily opened. You wouldn’t use that door to protect your house – it’s a little better than not locking your door at all, but not much because that lock has a weakness, and everyone knows what that weakness is, that lock is effectively no longer useful.

WEP has a weakness, and everyone knows what that weakness is. WEP is a little better than not securing your wireless network at all, but not much. If you use WEP anyone can crack your code in minutes and start using your WiFi – and monitoring everything you do online. This could mean kids using your wireless to download TV episodes, or it could mean criminals stealing your identity. Either way, it’s not worth it.

Cracking WEP keys isn’t quite as simple as sliding a credit card to open a a door, but it’s pretty close. Don’t believe me? Check out James’ tutorial for cracking a WEP network How to Crack Your Own WEP Network to Find Out Just How Insecure It Really Is How to Crack Your Own WEP Network to Find Out Just How Insecure It Really Is We’re constantly telling you that using WEP to 'secure' your wireless network is really a fools game, yet people still do it. Today I’d like to show you exactly how insecure WEP really is, by... Read More using Backtrack Linux. You’ll be amazed how simple the process is. There’s a reason the credit card industry banned processing payments over a WEP network – it’s fundamentally insecure.

What Is WEP?

WEP stands for Wired Equivalent Privacy. It’s hard to think of something more secure than a direct, wired transfer of information – unless someone has access to the wire they can’t do anything to intercept the signal. So WEP’s name outlines the reason it exists – to bring the security of a wired connection to the world of wireless communication.

what is wep key

If there’s no security on your wireless router, that’s a problem. Unless individual sites offer security, everything you do online can be seen by anyone close to your network curious enough to snoop on you. They don’t even need to connect to your network: you’re literally broadcasting it. Every password, every search, every naughty image downloaded – unless the sites you browse all use SSL to encrypt traffic (ie, you see “https://” in the address bar) you’re vulnerable.

WEP was designed to stop such snooping by encrypting your traffic. And it worked, for a while. WEP became a standard in 1999, but by 2001 it was completely solved – anyone could crack a WEP network and watch what happens on it, quickly. This also allows unauthorized people to connect to your network, giving them access to any shared files and more, depending on their skill.

Why Does WEP Suck?

This 2001 paper, by Nikita Borisov, Ian Goldberg, and David Wagner of UC Berkeley, outlines the failings of WEP nicely. Read it if you want a full explanation of WEP’s shortcomings.

what is wep security

It’s a hard flaw to boil down without jargon, but I’m going to try. A standard network encrypted by WEP uses two keys to encrypt every bit of information sent. The first is your password, which is set up on the router and typed by users like you who’d like to connect to the network. The second key used to encrypt all information is a randomly generated one, called an IV.

Again, I’m simplifying here. If you can explain better, please do so in the comments below.

Assuming every IV key is completely different than every other IV key there is no problem. But you can’t assume that, because WEP uses such short IV keys there are only around 16 million possible ones. IV keys are so short that there isn’t enough of them to go around. Because of the sheer volume of information transferred it’s inevitable that there will eventually be a repeat. And once a repeat happens its easy to figure out what the message being transferred is – and from there to figure out what every bit of information being transferred is, regardless of IV key. You have the password, giving you full access.

what is wep key

There are many different ways to hack a WEP network at this point, but most of them boil down to this in some way. Again, read this paper if you want more specifics.

What To Use Instead?

When it became obvious WEP was fundamentally flawed another protocol was created to replace it – WPA. But even that was intended to be temporary, and is also vulnerable in some ways. That’s why it’s recommended that you secure your network using WPA2 today. It’s not foolproof, but with a secure password your Internet traffic over WPA2 is as secure as possible.

Curious just how secure you are? Read James’ piece on how easy it is to crack a WiFi network How Easy Is It to Crack a Wi-Fi Network? How Easy Is It to Crack a Wi-Fi Network? Wi-Fi security is important. You don't want intruders piggybacking on your precious bandwidth -- or worse. There a few misconceptions regarding Wi-Fi security, and we're here to dispel them. Read More , which outlines flaws in WPA2 and provides tips for further security.

If your router doesn’t support WPA2 it’s seriously time to replace it. If that’s not an option right now, Christian outlined how to secure your wireless network in the short term by assigning it an aggressive name Secure Your Wireless Router In The Short Term By Assigning It An Aggressive Name Secure Your Wireless Router In The Short Term By Assigning It An Aggressive Name As more devices ship with wireless networking capabilities, it becomes increasingly important to have routers that are capable of handling connections from hardware such as tablets, laptops and mobile phones. The problem is that many... Read More . It’s not a long-term solution but it’s better than nothing.

Do you have any other security tips? Share them in the comments below, because I always value a conversation.

Image Credit: via Shutterstock

Explore more about: Encryption, Wi-Fi.

Enjoyed this article? Stay informed by joining our newsletter!

Enter your Email

Leave a Reply

Your email address will not be published. Required fields are marked *

  1. vibhashsinha
    May 3, 2019 at 7:23 am

    Your Article was very Informative. But you have done a sentence mistake on 4th para(1st line), (Now imagine if most people knew that this particular kind of door could be easily opened) there must be kind of lock instead of door.

    Thanks me later bro!!!

  2. anonymous
    January 2, 2015 at 1:37 am

    WEP is so stupid. I went to my cousins house they have WEP and i came with my 4 year old mini laptop with kali linux and i cracked their key ( it's very long) in under 2 minutes. i was able to connect with the key i cracked. btw i'm just 12 years old

  3. Ron Lister
    February 11, 2013 at 5:10 pm

    Security is good, I see Muo has a some other articles on the subject I'll be readingthose as well. Thanks for the article Justin. Even now that card companies are more strict on security you still here about the crooks sucking up creditcard data even from places like parkinggarages. I just think no mater what secure means we come up there is a crook who will find a way to beat it. wish there was a way to detect the intrusion.

  4. Keith Swartz
    February 7, 2013 at 11:58 pm

    Great article! It is definitely about a subject, SECURITY, we should all be concerned about. Thank-you for shining a light upon it.

  5. Prajjwal Rao
    February 6, 2013 at 6:29 pm

    thanks now i understand everything... the hassle i went through before was bad.... now its clear... thanks really!

  6. Bilal
    February 6, 2013 at 6:28 pm

    I use WPA2 with 15 characters, is it safe or should I use more characters?

    • Alberto Lerma
      February 7, 2013 at 8:05 am

      As long as your password isn't a word or something like: "AAAAAAAAAAAAAAA" I think you're ok but you'll never be 100% secure, for example: Most routers contain something called WPS (sometimes there's a button on the front). WPS makes life easier by allowing you to connect devices without the lenghty password. But it create a big security hole as WPS is hackable with some tools like Reaver in 4 hours.

      So, if your router let you, deactivate it (it might require some advance knowledge and in many routers it can't be done) ASAP.

      • Mihovil Pletikos
        February 7, 2013 at 7:53 pm

        or better install open-wrt or something similar....

        • Alberto Lerma
          February 10, 2013 at 2:42 am

          Yes good point, totally forgot about it. 1 like for you.

  7. Rigoberto Garcia
    February 6, 2013 at 5:47 pm

    Great article Justin. Thanks...

  8. Florin Ardelian
    February 6, 2013 at 5:24 pm

    I'm sorry, but the idea of attempting to name your wireless to prevent hackers is just plain silly. It's the same as using the door with the lock which can be opened by credit cards (and everyone recognizes the lock by just looking at your door), while taping a paper with "Police station" written in Comic Sans on said door.

    That kind of advice is very dangerous, because there will always be those who will take it seriously and they will gain a false sense of security. Whoever has enough knowledge to use a WEP cracking tool is not fooled by a network named "IWillHackU" and no matter how clearly you explain it to people, there will always be some who will just not get it.

    • Justin Pot
      February 6, 2013 at 5:31 pm

      Like I said: it's seriously time to replace your router. Do that.