Hackers of India

The Emperor Has No Cloak - WEP Cloaking Exposed

By  Vivek Ramachandran  on 04 Aug 2007 @ Defcon

Abstract

We thought The Emperor has No Cloak story was a pure fiction until we came across an announcement three weeks ago. Marketing can sell anything. The question is can an invisible cloak be sold in modern times when most of us can see through it?

The WEP cloaking technique works (or rather, as we argue, does not work) by injecting spoofed WEP encrypted data frames (“Chaff”) into the air. These chaff packets may contain random data or encrypted with a key different from the actual WEP key in use and may use only weak IVs. Unmodified WEP cracking tools fail to crack the original WEP key in a chaff-contaminated packet trace. Apart from the fact that WEP cloaking does not address any of the other weaknesses in WEP (such as message modification, replay attacks, shared authentication flaws, packet decoding using ICV etc); there are multiple ways to beat WEP cloaking, which we will disclose during our talk.

We also plan to release a set of tools including a patch for Aircrack which will keep WEP cracking the simple job it’s always been - even in the presence of WEP Cloaking. Final verdict on WEP Cloaking: WEP was, is, will remain broken. It cannot be secured by obscuring its flaws.