"Depending on many factors, WEP keys can be extracted in a matter of minutes," Muts said. "I believe the record is around 20 seconds."
The brute-force attacks on WPA encryption are less effective. But while WEP is outdated, many people still use it, especially on home routers, said one security researcher in China. That means an apartment building is bound to have WEP networks for a user to attack.
Since the kits capture data packets to perform their attacks, they may also let a user steal sensitive personal information that a victim sends over a network, the researcher said.
The kits have stayed popular despite Chinese laws against hacking.
"No matter where you go, you can use the Internet for free," the researcher said.
Sign up for CIO Asia eNewsletters.