I have found that a third of WEP networks use a phone number as the key.
I have written a script for NYC that generates a wordlist of possible phone numbers based on area codes and exchanges. Then it can be used to test a capture file with
Code:
aircrack-ng -w h:<wordlist> <capture file>
The benefit is that while it will not work all the time, it only needs 4 IVs of data, so one can casually roam the area capturing, then test each network against the list.
If you do use this method, please report your success rate and city. Also, I used area-codes.com for the area code/exchange data, for those of you not in NYC. If you have trouble with running or personalizing the script, let me know.
Oh, when running the script, give it time, the output will be large.
A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.
Agreed, WEP is broken, not trying to prove that, just curious about key selection. Some businesses (including a financial firm included with permission) are effectively posting their key on their front door and business cards.
custode, very nice idea on the script. I myself have noticed that many clients I've worked for have used phone numbers for both WEP / WPA keys. Although a phone number is a good set of random numbers, it's still very easily cracked and figured out.
I have to agree, I know too many people who used their phone number as the WEP key. Lack of knowledge leads to problems. I guess it just seems too easy for people to use their phone number when they need an easy to remember 10 digit key. What a joke using WEP 64. Might as well just leave it unsecured.
If at first you don't succeed, keep sucking until you do suck seed. --Curly
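For anyone auditing their own access points, the weakness discussed in this thread can be checked on the configuration side. The following is an added example, not code from any poster here: a key-policy check that flags a 10-digit key shaped like a North American phone number and estimates how much of WEP-64's nominal 40 bits is left. The function names, the sample area-code list and the 555-01xx numbers are constructed for illustration.

```python
import math
import re

WEP64_BITS = 40  # WEP-64 secret: 40 bits, typed as 10 hex digits

# Optional country code 1, then area code and exchange that both start with 2-9.
NANP = re.compile(r"1?([2-9][0-9]{2}[2-9][0-9]{6})")

def phone_digits(key):
    """Return the 10-digit phone number hidden in `key`, or None."""
    # Drop common separators so "(212) 555-0123" and "2125550123" compare equal.
    stripped = re.sub(r"[\s().+\-]", "", key)
    match = NANP.fullmatch(stripped)
    return match.group(1) if match else None

def audit_key(key, local_area_codes=()):
    """Classify a configured key and give an upper bound on its strength in bits."""
    number = phone_digits(key)
    if number is None:
        return {"phone_like": False, "local": False, "effective_bits": None}
    local = number[:3] in local_area_codes
    if local:
        # Area code is guessable from location: at most 800 exchanges
        # (first digit 2-9) times 10^4 line numbers per area code.
        space = len(local_area_codes) * 800 * 10**4
    else:
        # Any well-formed number: 800 area codes * 800 exchanges * 10^4 lines.
        space = 800 * 800 * 10**4
    return {"phone_like": True, "local": local,
            "effective_bits": round(math.log2(space), 1)}

if __name__ == "__main__":
    nyc = ("212", "718", "917", "646", "347")  # sample list for the auditor's own city
    for key in ("(212) 555-0123", "3125550123", "4f8a1c07be"):  # constructed keys
        print(key, audit_key(key, nyc), "nominal bits:", WEP64_BITS)
```

The figures are upper bounds: with real exchange data for a city the candidate space is smaller still.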