You've probably heard in the past how dangerous WEP encryption is, and that you shouldn't use it on your home network. What is WEP, and why do people advise against using it?
Let's break down what WEP means and all of the flaws that come with it.
What Is WEP?
WEP stands for "Wired Equivalent Privacy," and it's one of the early-day security protocols for Wi-Fi. When you use Wi-Fi, your computer sends packets of data to your router. If these packets aren't encrypted, hackers can peek at them and see the data within. This tactic is known as a Man-in-the-Middle (MitM) attack.
If the packets are encrypted, then anyone performing a MitM attack on the network will see what you're sending. That's what WEP solved; it encrypted your data so people couldn't peer into the packets.
Why Is WEP Insecure?
To understand WEP's major flaw, let's imagine a company that produces puzzle books. These books are renowned for being filled with incredibly tricky puzzles which require a lot of computational power to solve. Due to the extreme difficulty of the book, people like to collaborate to solve the puzzles.
The writers of the book want to fill it with enough content so that they can publish another one before the readers complete the current edition. If the general public solves the book before the book publishers release a new one, they have to get a new book out ASAP.
The Strength of Each Puzzle Book
We can break down the "strength" of each book by these properties:
- The complexity of the puzzles. If the puzzles are harder to solve, the readers take more time to crack them. In the first few editions of the book, the puzzles were quite hard; however, after seeing how readers cracked previous editions, the puzzle setters have made them more devious over the years.
- The number of puzzles. As the puzzle setters get better at making puzzles, they can also fit more puzzles into each book as time goes on. This then extends the time needed to solve the book.
- The number of people who buy the book. If only one person buys the book, they'll take a very long time to finish it. Conversely, if one thousand people buy it, the time it takes to solve a book shortens drastically.
From these three properties, you can make a rough estimate of how long it will take to solve a whole book. For example, if it takes a month for one person to solve one puzzle, and the book contains a thousand puzzles, it'll take a dedicated team of one hundred people to solve the book within 10 months. As such, the next book should be ready to go before 10 months has passed.
This does mean that the older the puzzle book, the higher the chance that it's solved already. This is especially true for the first few editions of books, which contains easier and fewer puzzles than later versions.
Why WEP's Age Works Against It
In the same vein, WEP's age makes it an insecure choice for encryption. It was the first protocol created for Wi-Fi, it has been out since 1997, and millions of people have used it since then.
From the puzzle book example, WEP would be the very first puzzle book to be released and fully solved. People on the internet can easily find tools that can break open WEP security, much like how people could search all the answers for the first puzzle book.
How Hackers Crack WEP Security
The main problem with WEP is that it only uses one static key when sending data from your computer. This wasn't a problem when WEP first arrived; however, as time went on, hackers cracked the code behind the keys. As such, once a hacker knows the key for your Wi-Fi communication, they can break the encryption and read the data you're sending.
Of course, a hacker can't just apply a key and hope for the best---there are lots of WEP keys your computer can pick. However, hackers can keep an eye on the packets and monitor patterns in the encryption. Then, they work out what key fits the profile and crack the code.
It's now at the point where people can download tools which automatically do this for them. They point the program toward a WEP-enabled network and leave it to monitor the pattern and crack the password by itself. As such, using a WEP-based connection in this day and age is very dangerous.
Does WEP See Use Today?
If WEP came out in 1997, then surely everyone has upgraded their networks by now?
Unfortunately, WEP is still around on some ancient systems. Usually, this is because someone set up a system a long time ago, and the people who run it are unaware of the security risks that arise if you don't upgrade.
As long as the system runs as it should, the organization won't feel the need to upgrade. Some businesses are still using Windows XP, after all!
What to Do If You Use WEP Security
If you use WEP on your home network, you're at risk of people snooping on your connection. As such, it's worth upgrading to a stronger network protocol to keep people out.
Ideally, you're on the lookout for a router that supports WPA2. WPA2 is a secure protocol that's tougher to crack than WEP. It's not perfect, but it'll secure your network a lot better than WEP.
If you feel like spending a little extra, you can buy routers with WPA3 enabled, which is even stronger; however, at time of writing, WPA3 is still an emerging protocol and may cost you extra for the luxury.
Alternatively, if you find your current router's signal gets unstable at long distances, you can use this opportunity to purchase a long-range model. Be sure to take a look at the best long-range Wi-Fi routers for some ideas.
Securing Your Wi-Fi Network With Security Protocols
While WEP used to be secure, hackers chipped away at its defenses over time. Now, WEP is at the point where a budding hacker can download a tool that does all the work for them. If you use WEP, it's a good idea to upgrade your security and avoid MITM attacks.
If all these security protocol names make your head spin, why not learn about the WEP, WPA, WPA2, and WPA3 Wi-Fi security types?