Vulnerabilities of WEP-based Wi-Fi Phones

Since most if not all the Wi-Fi phones on market these days use WEP as
their security protocol, does this mean it's a piece of cake to hack
and actually listen to a phone conversation without being detected ?
From my understanding, one could use WEPcrack or any other tool and
quickly gain access to the WEP keys used by the Wi-Fi phone.

Knowing WEP's well-known and document vulnerabilities, what are the
risks that an organization is exposing itself to when deploying Wi-Fi
phones ?

Paul.

On 24 Jan 2005 12:41:59 -0800, (E-Mail Removed) (Paul
Silverman) wrote:

>Since most if not all the Wi-Fi phones on market these days use WEP as
>their security protocol, does this mean it's a piece of cake to hack
>and actually listen to a phone conversation without being detected ?

No. It's not a wireless wiretap.

>From my understanding, one could use WEPcrack or any other tool and
>quickly gain access to the WEP keys used by the Wi-Fi phone.

Nope. The current technology requires sniffing the traffic and
capturing enough traffic to crack the WEP key. Then, the captured
traffic can be decoded. You could setup a promiscuous mode wireless
card, feeding some kind of VoIP codec decoder, to listen to traffic.
That will give you one side of the conversation unless you were
ideally located in between the access point and the client radio.
Cracking the WEP key is fairly well documented and doable. Extracting
useful information from the data stream is a bit more complex.

>Knowing WEP's well-known and document vulnerabilities, what are the
>risks that an organization is exposing itself to when deploying Wi-Fi
>phones ?

Depends on the encryption and environment. I don't consider wiretap
to be the main risk. Instead, unauthorized use might a be a more
common attraction. In general, if the phone supports WPA, you're safe
enough. WEP has largely become a security problem. Note that WEP2,
with AES encryption is coming real-soon-now and everything you buy
today may soon be obsolete.

Drivel: An industrial espionage job was uncovered about 6 months ago
where the perpetrators used a telescope and a video camera to record
the computer screen and keystrokes. Apparently, it had been in place
for about a year. 3M even makes "security screens" for CRT's and
LCD's to limit the viewing angle:
http://www.secure-it.com/products/privacy_lcd.htm
Also, I've played with a phased multiple microphone room bugging
device that could extract individual conversations from a room full of
other conversations. That was about 1985. Who needs wiretap when
there are easier ways?


--
Jeff Liebermann (E-Mail Removed)
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 AE6KS 831-336-2558