A new way to attack laptops that use WEP encryption was demonstrated at the Toorcon hacking conference in San Diego over the weekend. Typically, the way to attack WEP was to sniff the wireless network traffic and crack the WEP key while in range of a legitimate access point. With this new technique you can now attack the client itself, with no real AP needed. In basic terms, how does this work?
1. Set up your laptop as a fake access point.
2. Find out the SSIDs that the victim laptops are trying to communicate with.
3. Crack the WEP keystream with gathered traffic.
4. Trick victim laptops into sending lots of messages to your fake AP (like 70,000-80,000) using ARP.
5. Crack WEP keys and enjoy!
You can download the full Toorcon presentation here.