Subscribe to AfterDawn's weekly newsletter.
Wired Equivalent Privacy
Wired Equivalent Privacy, or WEP, is an outdated security standard used for protecting privacy and security of wireless networks. As the name implies, WEP was created to provide comparable security and privacy for a wireless network that you would expect from a wired LAN. Wireless Networks use radio signals for data transmission, and as such, are more vulnerable to attack than traditional network infrastructures. It was introduced in 1997 as part of the IEEE 802.11 standard.
WEP has been replace now for security concerns (see below) by WPA and WPA2, which use more reliable encryption schemes for protecting wireless network activity. WEP remains in wide use however, despite the security concerns. Some hardware may simply never have been upgraded. Some networks may have been setup by users unaware of WEP's problems. Using WEP nowadays provides very little defense against determined hackers, except for making it impossible for a computer to "accidentally" connect to your network when it finds it, which can happen (and does frequently) with unsecured networks.
WEP was discovered to be vulnerable to a related key attack years ago. Since then attack methods have evolved to a point where currently a WEP-protected network could be compromised in a matter of minutes using easily found software. Suggestions are often made that disabling the broadcast of the network SSID can fight these attacks (the logic behind it being that an attacker could not connect to the network unless he/she knows the SSID), but in reality this is only an extra step that needs to be taken, as SSID information is transmitted as text across the network when computers attempt to join. Packet sniffing software can retrieve the SSID, and then the attack against WEP can begin.
To replace WEP, the IEEE introduced Wi-Fi Protected Access (WPA) in 2003, which used Temporary Key Integrity Protocol (TKIP) and was considered much safer than using WEP. In 2008, TKIP was found to be vulnerable to attack, but not an attack that could lead to a key being retrieved (not at this time). However, since the ratification of the 802.11i standard in 2004, also known as WPA2, there is much stronger security yet that introduces the Advanced Encryption Standard (AES) algorithm, now supported by all Wi-Fi hardware on the market.
WEP should not be used under any circumstances. WEP2 and WEPplus are no exception either.