Vulnerabilities of WEP-based Wi-Fi Phones

Have a question or want to start a discussion? Post it! No Registration Necessary.  Now with pictures!

Threaded View


Since most if not all the Wi-Fi phones on market these days use WEP as
their security protocol, does this mean it's a piece of cake to hack
and actually listen to a phone conversation without being detected ?
From my understanding, one could use WEPcrack or any other tool and
quickly gain access to the WEP keys used by the Wi-Fi phone.

Knowing WEP's well-known and document vulnerabilities, what are the
risks that an organization is exposing itself to when deploying Wi-Fi
phones ?

Paul.


Re: Vulnerabilities of WEP-based Wi-Fi Phones


On 24 Jan 2005 12:41:59 -0800, paul_silverman@mail.com (Paul
Silverman) wrote:

Quoted text here. Click to load it

No.  It's not a wireless wiretap.

Quoted text here. Click to load it

Nope.  The current technology requires sniffing the traffic and
capturing enough traffic to crack the WEP key.  Then, the captured
traffic can be decoded.  You could setup a promiscuous mode wireless
card, feeding some kind of VoIP codec decoder, to listen to traffic.
That will give you one side of the conversation unless you were
ideally located in between the access point and the client radio.
Cracking the WEP key is fairly well documented and doable.  Extracting
useful information from the data stream is a bit more complex.

Quoted text here. Click to load it

Depends on the encryption and environment.  I don't consider wiretap
to be the main risk.  Instead, unauthorized use might a be a more
common attraction.  In general, if the phone supports WPA, you're safe
enough.  WEP has largely become a security problem.  Note that WEP2,
with AES encryption is coming real-soon-now and everything you buy
today may soon be obsolete.

Drivel:  An industrial espionage job was uncovered about 6 months ago
where the perpetrators used a telescope and a video camera to record
the computer screen and keystrokes.  Apparently, it had been in place
for about a year.  3M even makes "security screens" for CRT's and
LCD's to limit the viewing angle:
  http://www.secure-it.com/products/privacy_lcd.htm
Also, I've played with a phased multiple microphone room bugging
device that could extract individual conversations from a room full of
other conversations.  That was about 1985.  Who needs wiretap when
there are easier ways?


--
Jeff Liebermann    jeffl@comix.santa-cruz.ca.us
150 Felker St #D   http://www.LearnByDestroying.com">http://www.LearnByDestroying.com
Santa Cruz CA 95060    AE6KS  831-336-2558


Site Timeline