How to crack Wi-Fi encryption - just guess the right password
By John E. Dunn | Published: 11:18, 05 December 2006
Turn on a Wi-Fi enabled laptop in just about any neighbourhood these days, and you’ll see just how far and fast wireless networking is spreading. Access points are everywhere and some of them are even secured properly. Just don’t bet on that last part.
My latest sport is to see which of my neighbours have been buying which access points (APs). It’s not difficult to tell because most of them come up saying things like “Netgear”, “Linksys” or “Belkin”. Occasionally, they’ll even helpfully tell you their model number – HP APs are good for that out of the box.
It’s ancient wisdom that not many people turn on encryption, probably because: (1) they don’t know how to; (2) even if they did, they might not have the length of Ethernet cable that is often useful for setting up encryption between PC and AP; (3) they don’t think anyone will really hack into their connection anyway.
Interestingly, I’ve spotted that most of the handful of APs local to me do now have encryption of some sort turned on, and one even appears to use WPA. But guess what? Someone has figured out the encryption but forgotten to secure the AP. I’m near certain that all but one of the APs advertising themselves with their brand name were also using default user names and passwords for that brand of hardware.
There is a lesson for vendors in all this. When every new access point is hauled from its box and turned on, it should immediately ask the owner to choose a new password and user name with which to access it. It took immense effort and cleverness for the industry to agree on such things as encryption standards, only for them to be blown away by something as simple as being able to access an AP by typing http://192.168.0.1 and then entering the word “admin” twice.