Salesmen in China are making money from long-known weaknesses in a Wi-Fi encryption standard by selling network key-cracking kits for the average consumer. Wi-Fi USB adapters bundled with a Linux operating system, key-breaking software, and a detailed instruction book are being sold online and at China’s bustling electronics bazaars. The kits, pitched as a way for users to surf the Web for free, have drawn enough buyers and attention that one Chinese auction site, Taobao.com, had to ban their sale last year. With one of the “network-scrounging cards,” or “ceng wang ka” in Chinese, a user with little technical knowledge can easily steal passwords to get online via Wi-Fi networks owned by other people. The kits are also cheap. A merchant in a Beijing bazaar sold one for 165 yuan (US$24), a price that included setup help from a man at the other end of the sprawling, multistory building. To crack a WEP key, they capture data being transmitted over the wireless network and target it with a brute-force attack to guess the key. The brute-force attacks on WPA encryption are less effective. But while WEP is outdated, many people still use it, especially on home routers, said one security researcher in China. That means an apartment building is bound to have WEP networks for a user to attack. “No matter where you go, you can use the Internet for free,” the researcher said.

What’s your thoughts on the Chinese and their impact on worldwide crime? Email to zaludreport@bnpmedia.com