The Caffe Latte attack debunks the age old myth that to crack WEP, the attacker needs to be in the RF vicinity of the authorized network, with at least one functional AP up and running. We demonstrate that it is possible to retrieve the WEP key from an isolated Client - the Client can be on the Moon! - using a new technique called "AP-less WEP Cracking". With this discovery Pen-testers will realize that a hacker no longer needs to drive up to a parking lot to crack WEP. Corporations still stuck with using WEP, will realize that their WEP keys can be cracked while one of their employees is transiting through an airport, having a cup of coffee, or is catching some sleep in a hotel room. Interestingly, Caffe Latte also has a great impact on the way Honey-pots work today and takes them to the next level of sophistication.

1. Vivek Ramachandran MD Sohail Ahmad www.airtightnetworks.net Caffé Latte with a Free Topping of Cracked WEP Retrieving WEP Keys From Road-Warriors

2. Cracks in WEP -- Historic Evolution 2001 - The insecurity of 802.11, Mobicom, July 2001 N. Borisov, I. Goldberg and D. Wagner. 2001 - Weaknesses in the key scheduling algorithm of RC4. S. Fluhrer, I. Mantin, A. Shamir. Aug 2001. 2002 - Using the Fluhrer, Mantin, and Shamir Attack to Break WEP A. Stubblefield, J. Ioannidis, A. Rubin. 2004 – KoreK, improves on the above technique and reduces the complexity of WEP cracking. We now require only around 500,000 packets to break the WEP key. 2005 – Adreas Klein introduces more correlations between the RC4 key stream and the key. 2007 – PTW extend Andreas technique to further simplify WEP Cracking. Now with just around 60,000 – 90,000 packets it is possible to break the WEP key. IEEE WG admitted that WEP cannot hold any water. Recommended users to upgrade to WPA, WPA2

3. WEP Attacks – exposure area WEP Attacks Distance from Authorized Network (Miles) 1 10 100 1000 On the Moon FMS, Korek PTW No Mutual Authentication Message Modification Message Injection Using known methods, exposure is limited to RF range of WEP enabled network Can your keys be cracked when roaming clients are miles away from the operational network?

5. Observation #2 Can you force a WEP client connect to a honey pot without having knowledge of the key? Probe Request “Default” Probe Response Authentication Request Authentication Success Association Request Association Response Data Data

7. Can we speed it up? DAYS HOURS MINUTES

9. Caffé latte – Shared + DHCP Challenge Enc. Challenge + 128 bytes Keystream Probe Request “Default” Probe Response Authentication Request Challenge Encrypted Challenge Authentication Success

19. Applying Bit Flipping to an Encrypted ARP packet + + + 5.5.5.250 WEP ICV ARP Header LLC Header WEP Params MAC Header Target MAC Target IP Sender IP Sender MAC Opcode Protocol Size Hardware Size Protocol Type Hardware Type AA AA AA AA AA AA 05 05 05 05 05 05 05 05 FF 00 00 00 00 00 FF 00 00 00 00 00 00 00 55 AA AA AA AA AA FA 05 05 05 05 05 05 05

26. Questions? [email_address] Md.Ahmad@airtightnetworks.net Airtight Networks www.AirTightNetworks.net Acknowledgements: Amit Vartak (amit.vartak@airtightnetworks.net)