The one thing most SOHO wireless device manufacturers are promoting is encryption. WEP, the most commonly used encryption method available, appears to be in use on about 48% of wireless installations, based on past wardriving experience, with 2% using WPA and the rest being completely in the open. Thanks to WEP and WPA, you need to figure out what the key is in order to get on the network.
However, one false claim these router manufacturers make is that these methods are secure, let alone that they give you a full 64 or 128 bits of encryption. Most routers are really set up to do 40-bit or 104-bit encryption: only the 40- or 104-bit portion is the secret key, while the remaining 24 bits are an initialization vector that is sent in plain text (hint: this is why the standard router configuration software you get upon purchase asks you for a word). This effectively means that any key you make is going to be weak regardless, because if someone is snooping packets, they will eventually collect enough vectors to use a key-scheduling attack against your key.
WPA is a bit better than WEP, as it changes its key as the network is used, but it is still vulnerable to a brute-force attack, because getting onto a WPA network requires a pass phrase. Using a brute-force attack against the pass phrase, you could eventually figure it out, and since most people use a simple word when they make the phrase, breaking it this way can be effective. There are also methods that force clients on the network to re-authenticate, allowing one to capture a handshake. One other method involves capturing enough packets before the pre-shared key is found on the network.
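To put numbers on the two points above, here is an added example (not code from the original post) that works out why a WEP "64-bit" or "128-bit" key only has 40 or 104 secret bits and how quickly the 24-bit IV space starts repeating, and then derives the WPA/WPA2-PSK master key from a pass phrase to show that the 256-bit key it produces is only as strong as the phrase behind it. The IV-repeat estimate uses the standard birthday approximation with IVs assumed to be chosen uniformly at random, the PSK derivation is the one specified in IEEE 802.11i (PBKDF2-HMAC-SHA1, SSID as salt, 4096 iterations), and the dictionary size of 170,000 words is an assumed figure for a typical English word list.

```python
import hashlib
import math

# WEP frame layout: a 24-bit IV sent in the clear, followed by a 40- or 104-bit
# secret key. The "64-bit" and "128-bit" marketing figures include the public IV.
WEP_IV_BITS = 24


def wep_secret_bits(advertised_bits):
    """Bits of a WEP key that are actually secret for an advertised key size."""
    return advertised_bits - WEP_IV_BITS


def iv_reuse_probability(packets, iv_bits=WEP_IV_BITS):
    """Probability that at least one IV repeats after `packets` frames.

    Birthday approximation: P(collision) ~= 1 - exp(-n(n-1) / (2 * space)),
    assuming IVs are drawn uniformly at random from the 2**iv_bits space.
    """
    space = 2 ** iv_bits
    if packets >= space:
        return 1.0
    return 1.0 - math.exp(-packets * (packets - 1) / (2 * space))


def wpa_psk(passphrase, ssid):
    """Derive the 256-bit WPA/WPA2-PSK pairwise master key from a pass phrase
    (IEEE 802.11i: PBKDF2-HMAC-SHA1 with the SSID as salt, 4096 iterations)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("utf-8"),
                               ssid.encode("utf-8"), 4096, 32)


def passphrase_guess_space_bits(passphrase, dictionary_words=170_000):
    """Rough size, in bits, of the space a guesser must cover for a pass phrase.

    A single lowercase word is bounded by the size of the word list (an assumed
    170,000 entries here), not by the 256-bit key it derives. Anything else is
    scored by length times the character classes it draws from.
    """
    if passphrase.isalpha() and passphrase.islower():
        return math.log2(dictionary_words)
    classes = 0
    if any(c.islower() for c in passphrase):
        classes += 26
    if any(c.isupper() for c in passphrase):
        classes += 26
    if any(c.isdigit() for c in passphrase):
        classes += 10
    if any(not c.isalnum() for c in passphrase):
        classes += 32
    if classes == 0:
        return 0.0
    return len(passphrase) * math.log2(classes)


if __name__ == "__main__":
    for advertised in (64, 128):
        print(f"WEP {advertised}-bit: {wep_secret_bits(advertised)} secret bits")
    for n in (100, 5000, 20000):
        print(f"after {n} frames, P(IV repeat) = {iv_reuse_probability(n):.3f}")
    # "password" / "IEEE" is the PSK test vector from IEEE 802.11i.
    print("PMK:", wpa_psk("password", "IEEE").hex())
    for phrase in ("password", "Tr0ub4dor&3", "correct horse battery staple"):
        print(f"{phrase!r}: ~{passphrase_guess_space_bits(phrase):.1f} bits to guess")
```

The takeaway for anyone configuring a router: the WEP IV space is small enough that repeats are likely within a few thousand frames no matter how the 40 or 104 secret bits are chosen, and for WPA-PSK the 4096-iteration derivation only makes each guess slower, so a pass phrase that is a dictionary word sits in a space of a few hundred thousand candidates while a long mixed pass phrase pushes the guess space past a hundred bits.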