Wednesday, February 29, 2012

WEP at a doctor's office?

In light of some recent events, I'm going to do my token "Full-Disclosure" blog entry right now. I'm going to discuss the dangers of using Wired Equivalent Privacy, or WEP, to secure a WiFi access point. WEP has been fully deprecated for years now, and far more detailed explanations are easy to find on the 'net. My hope is that someone will read this and then think twice about implementing WEP.

Side note: WEP does have its place, and I'll get to that.


Imagine, if you will, a doctor's office. Now, imagine a disgruntled divorcee. (Warning, the divorcee's language is very NSFW. If you're reading this line, then the NSFW content is already visible on your screen. lol)


    "I fucking hate that bitch! She got everything in the divorce! The house... the kids... my Corvette... I even lost my job and half my friends! I want her life to be as ruined as mine! I want her to lose her job! Now, I know you can do all that 'hacker' stuff. I want you to ruin her employer's network so they go out of business or get in trouble or something. I want revenge. I'll pay you a thousand dollars!"

Not at all a far-fetched scenario. And, if I'm, hypothetically speaking, taking the place of the nefarious individual with whom the divorcee is speaking, all I heard was "...a thousand dollars".

Now let's hear from our hypothetical bad guy hacker cloak and dagger whatever.


    "Dude, it was hella easy. All I had to do was spend a few hours in the parking lot across the street. I connected a USB WiFi dongle to a USB extension cord so I could run it out my moon roof. Then I booted up BackTrack and, well, I'm not some damned skiddie, but I wanted to be as fast as possible, so I used Kismet to locate their WiFi, used Gerix to crack their WEP key, and the rest was pretty easy. They thought that they were playing it safe by requiring users to authenticate to a RADIUS server, but not really. I just changed my MAC address to one of the devices already authenticated - I think it was a Cisco VoIP phone - to prevent the network from booting me every five minutes. Then I just did a little ARP poisoning with Ettercap, causing a copy of all network traffic to be routed to my laptop. Then I opened up Wireshark to record all of the data. Later on, at home, I reassembled that captured traffic, and actually got some fascinating stuff. Some emails, a couple of phone calls, X-rays, CAT scans, ultrasounds, and just a TON of transcriptions destined for patients' charts. I gave this info to my dude, who gave me the grand he promised."

"What happened next?" we ask our shadowy fiend.

    "I gave him his info, he gave me my money... I'm not exactly sure what he did with it, since I don't really care, as long as I got paid... But... I do remember hearing something in the news about that place. Yeah, they had some 'hippa' violations, and got sued by a bunch of patients. They settled out of court, but that's not what put them out of business. I guess that after this happened, their physicians couldn't get any malpractice insurance, and had to give up their doctoism, or something. Everyone lost their jobs."

"What did you do with the money?"

    "I used it to buy a motorcycle."


See? See why WEP is a terrible idea when security is your goal? Don't use WEP, unless you want to get in trouble, and let some black-hat hacker buy a motorcycle via your hardship and woe.
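To make the "hella easy" part concrete: WEP encrypts every frame with RC4, keyed by a 24-bit IV (sent in the clear) prepended to the shared key, and "protects" integrity with a CRC-32 value (the ICV) that is encrypted along with the payload. Each of those choices is fatal on its own. There are only 2^24 IVs, so a busy access point repeats one within hours (by the birthday bound a repeat is likely after a few thousand frames), and two frames under the same IV share a keystream; and CRC-32 is linear, so an attacker can flip bits in a frame and fix up the ICV without ever knowing the key. The Python below is an added toy model written for this post, not the blog author's code and not the output of any of the tools named in the story; the key, IV and frame contents are constructed. It walks both attacks end to end. Real tools go further and recover the key itself from tens of thousands of captured IVs, which is what "cracked their WEP key" means in practice.

```python
# Toy model of WEP framing (added illustration; constructed key, IV and frames).
import struct
import zlib

IV_LEN = 3    # WEP IVs are 24 bits and travel in the clear in front of the ciphertext
ICV_LEN = 4   # CRC-32 integrity check value, encrypted together with the payload

KEY = b"Dr0ff"            # constructed 40-bit WEP key; the attacker code below never reads it
IV = b"\x01\x02\x03"      # constructed IV; a busy AP reuses each IV within hours


def crc32(data: bytes) -> bytes:
    return struct.pack("<I", zlib.crc32(data) & 0xFFFFFFFF)


def rc4(key: bytes, n: int) -> bytes:
    """n bytes of plain RC4 keystream (KSA then PRGA), exactly as WEP uses it."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Frame = IV || RC4(IV || key) XOR (plaintext || CRC32(plaintext))."""
    body = plaintext + crc32(plaintext)
    return iv + xor(body, rc4(iv + key, len(body)))


def wep_decrypt(key: bytes, frame: bytes):
    """What the access point does: returns (plaintext, icv_ok)."""
    iv, body = frame[:IV_LEN], frame[IV_LEN:]
    dec = xor(body, rc4(iv + key, len(body)))
    pt, icv = dec[:-ICV_LEN], dec[-ICV_LEN:]
    return pt, crc32(pt) == icv


# Attack 1: one known plaintext under an IV gives that IV's keystream, no key needed.
def keystream_from_known_plaintext(frame: bytes, known_pt: bytes) -> bytes:
    """E.g. an ARP request whose layout the attacker can predict in full."""
    return xor(frame[IV_LEN:], known_pt + crc32(known_pt))


def decrypt_with_keystream(frame: bytes, keystream: bytes) -> bytes:
    """Any other frame sent under the same IV is readable, up to the keystream length."""
    return xor(frame[IV_LEN:], keystream)[:-ICV_LEN]


# Attack 2: CRC-32 is linear, so bits can be flipped and the ICV repaired blind.
def flip_bits(frame: bytes, delta: bytes) -> bytes:
    """delta has the plaintext's length; set bits mark positions to flip.
    crc32(P ^ D) == crc32(P) ^ crc32(D) ^ crc32(zeros of the same length),
    so the correction to the encrypted ICV depends on neither P nor the key."""
    iv, body = frame[:IV_LEN], frame[IV_LEN:]
    ct, enc_icv = body[:-ICV_LEN], body[-ICV_LEN:]
    icv_fix = xor(crc32(delta), crc32(bytes(len(delta))))
    return iv + xor(ct, delta) + xor(enc_icv, icv_fix)


def demo():
    arp = b"ARP who-has 10.0.0.1 tell 10.0.0.7"   # stand-in for a predictable frame
    secret = b"PATIENT 4711: chart update"        # constructed "transcription" frame
    f_known = wep_encrypt(KEY, IV, arp)
    f_secret = wep_encrypt(KEY, IV, secret)       # same IV => same RC4 keystream

    # Eavesdropper: pull the keystream out of the ARP frame, read the other frame.
    ks = keystream_from_known_plaintext(f_known, arp)
    recovered = decrypt_with_keystream(f_secret, ks)

    # Tamperer: turn "4711" into "4712" inside the ciphertext; the AP still accepts it.
    delta = bytearray(len(secret))
    delta[secret.index(b"4711") + 3] ^= ord("1") ^ ord("2")
    tampered_pt, icv_ok = wep_decrypt(KEY, flip_bits(f_secret, bytes(delta)))
    return recovered, tampered_pt, icv_ok


if __name__ == "__main__":
    print(demo())
```

Neither attacker function touches `KEY`; the eavesdropper needs only a frame with known contents under a repeated IV, and the tamperer needs nothing but the ciphertext. WPA2's CCMP closes both holes at once: a 48-bit nonce that must never repeat, and a keyed MIC in place of a CRC.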

Why would anyone ever want to use WEP? Well, it's kind of a psychological thing, really. Think of it as a property marker. WPA is like a chain-link or wooden fence. WPA2 is that same fence, topped with electrified razor wire. WEP is nothing more than a few sticks with pink spray paint delineating where your yard begins and ends. Someone would have to knowingly "trespass" on your WiFi yard. It's like saying: I'm not really going to make sure you can't get into my WiFi, but I'm making it well known that I don't want you there, and I have legal recourse if you do break in.

That's stupid, though.

The other use I can think of would be a diversion, like a WiFi honeypot. Set up a WEP network with some computers on it doing mundane things, filled with useless or false information. Hopefully the attacker will hack into your WEP WiFi and ignore the one you've secured with WPA2 and made "invisible". One caveat: hiding the SSID only keeps the name out of the beacons. A passive sniffer like the Kismet in the story still sees the real access point's traffic, and picks up the SSID as soon as a legitimate client associates, so the decoy has to be the network that looks worth attacking, not merely the only one that looks visible.

The most important thing we can do with WEP is use it as an example of what NOT to do, and to make jokes about it.

I like to refer to WEP as "Weak Encryption Protocol".
