
Bring your laptop, leave your dictionary

A pair of security researchers claim to have partially cracked WPA encryption, with an attack that takes around 15 minutes.

The technique relies on an undisclosed “mathematical breakthrough,” say researchers Erik Tews and Martin Beck, and breaks the Temporal Key Integrity Protocol (TKIP) key used to encrypt data between a wireless router and its clients. Currently, the attack works only one way: data traveling from the access point to its clients is vulnerable, while data traveling in the opposite direction is not.

The only other known, effective attack against a WPA connection relies on computationally intensive dictionary attacks, which involve testing wireless data against an extremely large list of educated guesses until one of them successfully decrypts the data in question.
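As an added illustration (not part of the original article): in WPA/WPA2 personal mode, every passphrase guess costs a 4096-round PBKDF2-HMAC-SHA1 derivation salted with the network's SSID, which is what makes the dictionary approach described above computationally intensive and why passphrase length matters. The SSID, word list and guess rate below are constructed assumptions, meant for auditing a passphrase you own.

```python
import hashlib
import string

PBKDF2_ROUNDS = 4096   # fixed by the WPA/WPA2 personal-mode key derivation
PMK_LEN = 32           # 256-bit pairwise master key

def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """Derive the WPA/WPA2-PSK master key; the SSID acts as the salt."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrases are 8 to 63 characters long")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("passphrase must be printable ASCII")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), PBKDF2_ROUNDS, PMK_LEN)

def alphabet_size(passphrase: str) -> int:
    """Size of the smallest common character pool covering the passphrase."""
    pools = (string.ascii_lowercase, string.ascii_uppercase, string.digits)
    size = sum(len(p) for p in pools if any(c in p for c in passphrase))
    if any(not c.isalnum() for c in passphrase):
        size += 33  # 32 ASCII punctuation characters plus the space
    return size

def years_to_exhaust(passphrase: str, guesses_per_second: float) -> float:
    """Upper bound: time to try every string of this length over this pool."""
    keyspace = alphabet_size(passphrase) ** len(passphrase)
    return keyspace / guesses_per_second / (365.25 * 24 * 3600)

def audit(passphrase, ssid, wordlist, guesses_per_second):
    """Return (found_in_wordlist, years_to_exhaust) for your own passphrase.

    Each candidate is pushed through the full derivation, mirroring the
    per-guess work that makes dictionary attacks expensive.
    """
    target = derive_pmk(passphrase, ssid)
    found = any(derive_pmk(word, ssid) == target
                for word in wordlist if 8 <= len(word) <= 63)
    return found, years_to_exhaust(passphrase, guesses_per_second)

# Constructed sample data (assumptions, not taken from the article).
SAMPLE_SSID = "ExampleNet"
SAMPLE_WORDLIST = ["password", "letmein123", "5551234567"]
ASSUMED_GUESSES_PER_SECOND = 1e5

if __name__ == "__main__":
    for candidate in ("5551234567", "correct horse battery"):
        found, years = audit(candidate, SAMPLE_SSID, SAMPLE_WORDLIST,
                             ASSUMED_GUESSES_PER_SECOND)
        print(f"{candidate!r}: in word list={found}, "
              f"exhaustive search ~{years:.3g} years")
```

A short, guessable passphrase falls to the word list regardless of how the cipher holds up; a long one drawn from a large character pool pushes exhaustive search far out of reach at the assumed rate.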

Tews and Beck’s attack lowers these requirements considerably, allowing anyone with the knowledge, a laptop, and 15 minutes to listen in on one side of a WPA-encrypted wireless connection.

CNet notes that Tews is no stranger to wireless hacking, as he also co-authored a 2007 paper (PDF) discussing how to crack a 104-bit WEP key in 60 seconds.

The duo will reveal their findings at next week’s Tokyo, Japan-based PacSec security conference in a presentation titled, “Gone in 900 Seconds, Some Crypto Issues with WPA”.

According to PC World, some of the pair’s research is already appearing in wireless security tools.

Companies and internet users looking to keep their wireless networks secure will have to upgrade to WPA2 now, says PacSec organizer Dragos Ruiu.

“Everybody has been saying, 'Go to WPA because WEP is broken,'” he said. “This is a break in WPA.”

While it is too early to tell how the WPA attack will be exploited by criminal organizations, many companies are still in the process of transitioning to WPA from weaker standards like WEP, or no encryption at all. Hackers hit one such company, T.J. Maxx, in January 2007 from secured WEP access points; they ran off with one of the largest credit-card hauls in history and caused more than $200 million in damage.


WPA? TKIP? Pfah!
By amanojaku on 11/7/2008 9:17:45 AM , Rating: 5
If you're "security conscious" and halfway intelligent you're using WPA2/AES. If you're paranoid you're using wires. Anyone using outdated "security" deserves to get a boot in the arse.

RE: WPA? TKIP? Pfah!
By FITCamaro on 11/7/2008 9:46:17 AM , Rating: 2
Does the 360 and PS3 wireless support WPA2/AES? I'd prefer to use wires but it isn't an option with my new place.

RE: WPA? TKIP? Pfah!
By omnicronx on 11/7/2008 10:04:36 AM , Rating: 2
The 360 supports WPA2.. so it has to support AES.. (WPA2 made AES mandatory)

RE: WPA? TKIP? Pfah!
By FITCamaro on 11/7/2008 10:07:55 AM , Rating: 2
I remember seeing two options in my router with WPA2. Was like WPA2 personal and WPA2 enterprise. Difference?

RE: WPA? TKIP? Pfah!
By omnicronx on 11/7/2008 10:46:37 AM , Rating: 3
Enterprise just authenticates users through a separate server (called a RADIUS server) and has an extra set of encryption called EAP (Extensible Authentication Protocol).
Basically you will never use it, it is primarily used in business wireless setups.

RE: WPA? TKIP? Pfah!
By AnnihilatorX on 11/7/2008 10:31:09 AM , Rating: 2
The Xbox360 WiFi adaptor doesn't support WPA2 iirc

RE: WPA? TKIP? Pfah!
By omnicronx on 11/7/2008 10:38:32 AM , Rating: 2
That's weird, I'm looking at the packaging/manual for mine and it says WPA2 right on it, but you are right, apparently MS has been misleading and it only supports WPA..

RE: WPA? TKIP? Pfah!
By Kefner on 11/7/2008 11:36:52 AM , Rating: 2
My 360 wireless adapter said it supported WPA2 also, but never did. I tried many times. Luckily my 360 is wired now, so no biggie.

RE: WPA? TKIP? Pfah!
By Aloonatic on 11/7/2008 12:09:01 PM , Rating: 3
Drat, drat and double drat.

I really wanted to snoop on what you were up to on your xBox.

*shakes fist at your wired router

I'll get you next time...

RE: WPA? TKIP? Pfah!
By AssassinX on 11/7/2008 1:42:06 PM , Rating: 3
Looks like Scott Bursor can now make some more money!

RE: WPA? TKIP? Pfah!
By JonnyDough on 11/7/2008 9:48:04 AM , Rating: 3
Unless you live in a really crowded apartment complex, the odds of being hacked when you're using WPA are almost zilch. Out in the country on a big acreage you almost wouldn't even need encryption, but I'd still use it. It also helps to make your network invisible, as in...set it so the name won't appear unless someone knows what they're doing to be able to see it.

RE: WPA? TKIP? Pfah!
By Hare on 11/7/2008 9:54:52 AM , Rating: 2
"It also helps to make your network invisible, as in...set it so the name won't appear unless someone knows what they're doing to be able to see it."

No it doesn't. Hiding the SSID does absolutely nothing, the access point still exists and can be seen by anyone if they simply use a hotspot sniffer that lists access points that have hidden SSID.

Mac address filtering and SSID hiding are completely unnecessary and offer no real security benefits.

RE: WPA? TKIP? Pfah!
By FITCamaro on 11/7/2008 10:06:20 AM , Rating: 2
His point is that most don't have a sniffer. Granted anyone who is capable of hacking your network to begin with likely does.

RE: WPA? TKIP? Pfah!
By Hare on 11/7/2008 10:51:17 AM , Rating: 2
If someone is worried about security it shouldn't matter. With that logic, WEP is "secure" because many people don't have the tools to break the encryption. If someone wants to get to your network, hiding the SSID and having MAC-address filtering is completely pointless.

There are countless freeware apps that show also access points with hidden SSID. I personally use network stumbler (not for malicious purposes). I just want to see all access points in the neighbourhood so that I can pick a channel that has least traffic. Hiding the SSID is just the access point saying that please don't list me. It's up to the wlan client to decide whether or not the AP is actually listed or not.

RE: WPA? TKIP? Pfah!
By JonnyDough on 11/7/2008 5:29:40 PM , Rating: 2
That was exactly my point.

RE: WPA? TKIP? Pfah!
By mindless1 on 11/8/2008 10:41:05 AM , Rating: 5
That's naive. Anything you do offers real security benefits, just like locking your car door offers real security benefits even if it's still hypothetically possible to break in. There is no absolute in security, just degrees of risk and degrees of managing it.

RE: WPA? TKIP? Pfah!
By glennpratt on 12/4/2008 1:10:06 AM , Rating: 2
Oy, misguided car analogies on tech forums.

If you must, SSID cloaking is like putting a piece of tape over the door handle and MAC address filtering is like requiring a code to start the car, except that code is written down all over the place inside the car.

The point is, WPA2 with nothing else is very secure today. SSID cloaking and MAC address filtering are not, they will only prevent uninformed people from hijacking your internet access - but then so will WPA1 and it will provide a good level of protection for now, so why bother with hacks.

RE: WPA? TKIP? Pfah!
By Murloc on 11/7/2008 10:01:38 AM , Rating: 2
I don't think someone will hack your wireless connection, unless you are sooo important and you work with secret things.

I can't see the problem in upgrading the protection.

RE: WPA? TKIP? Pfah!
By Yawgm0th on 11/7/2008 11:30:12 AM , Rating: 2
How about to steal bandwidth and commit crimes using your Internet? Or maybe just to sniff your traffic and grab your credit card or bank account information when you go online. A report I read not long ago (I want to say DT posted it, come to think of it) indicated many banks' web sites don't even have SSL properly implemented when you go to login, so that a MitM attack could easily grab your bank info.

I'm tired of this fallacy that if you are just some residential user that there is no incentive to break into your wireless.

RE: WPA? TKIP? Pfah!
By Suntan on 11/7/2008 12:58:00 PM , Rating: 2
I'm tired of this fallacy that just because you are on wireless, someone is going to steal your CC number or your network bandwidth.

I have the wireless router in the basement, with stucco siding (metal lath inside it makes a nice faraday cage.) You can't get a signal from the street even with a directional antenna. You can get one if you are about 50 feet from the back door, or to put it another way 30 inside my back yard.

Yeah, I suppose a couple of goons can ride up with a really elaborate antenna setup to hear my wpa network. Or go commando in the middle of the night and setup in my backyard. I'm guessing I have more to worry about when Jimmy at Red Robin walks away from our table with my CC, that I just gave him to ring up, though.


RE: WPA? TKIP? Pfah!
By GaryJohnson on 11/8/2008 8:23:59 AM , Rating: 2
If Jimmy at Red Robin walks away with your CC you're going to know it's gone and you can cancel it. What's bad is when you're at Red Robins and Jimmy goes to ring you up and those goons with the antenna setup have left you with a $0 balance.

RE: WPA? TKIP? Pfah!
By glennpratt on 12/4/2008 1:15:32 AM , Rating: 2
Here's the problem, when virtually every one else in the world could have the same vulnerable setup. Sure, odds are it won't happen to you - but it probably will happen to someone.

Frankly, it's pretty rare that any news will apply directly to you, so I don't know why you act like you're surprised in this case.

RE: WPA? TKIP? Pfah!
By omnicronx on 11/7/2008 10:16:16 AM , Rating: 2
Not ARP poisoning! TKIP is not cracked, someone can't simply access your network if you are using TKIP. If someone really wants to DDoS attack you, there are many better ways of doing so.

Also for all those who don't have an AES router, see if you have a group key renewal setting, and set it to 600 seconds (10 minutes) if you really don't feel safe.

RE: WPA? TKIP? Pfah!
By thepalinator on 11/7/2008 10:31:25 PM , Rating: 2
"Anyone using outdated "security" deserves to get a boot in the arse."
And what about those of us with equipment that doesn't support WPA2? Junk it all and upgrade, even before a crack is verified? I don't think so.

RE: WPA? TKIP? Pfah!
By GaryJohnson on 11/8/2008 8:28:23 AM , Rating: 2
It's not if you only have WPA instead of WPA2, it's if you only have WPA & TKIP and not WPA & AES.

Best encription?
By misuspita on 11/7/2008 9:18:20 AM , Rating: 2
Ok, so what's the best encryption to date? And what's in store for the future? what can you do to protect your connection without fear of something happening?

RE: Best encription?
By Chris Peredun on 11/7/2008 9:19:51 AM , Rating: 5
"Ok, so what's the best encryption to date?"


"And what's in store for the future?"

WPA3? ;)

"what can you do to protect your connection without fear of something happening?"

1. For the moment, use WPA2-AES as it hasn't yet been broken.
2. If you're paranoid, ditch the wireless entirely and go wired.
3. If you're really paranoid, stop using a computer.

RE: Best encription?
By xsilver on 11/7/2008 10:08:45 AM , Rating: 5
4. Start wearing tinfoil hats.
5. Cut out the middleman and anal probe yourself :)

Anyways - I'm not sure all these high security measures are for everyone, especially if they live in suburbia with neighbors that don't even use passwords or have ridiculously easy ones.

RE: Best encription?
By joeld on 11/7/2008 10:31:02 AM , Rating: 2

RE: Best encription?
By HrilL on 11/7/2008 11:20:40 AM , Rating: 2
Yup. The 3 main ISPs (COX, Verizon, AT&T) here, when having their techs install a wireless router, set the WPA key to the person's phone # and a little looking in the white pages for that address and boom you got it. It is pretty retarded but I guess it is more about making it illegal to access their data than it is to really protect it.

RE: Best encription?
By MaulBall789 on 11/10/2008 1:09:39 PM , Rating: 2
What kind of encryption does the tinfoil hat use?

RE: Best encription?
By gamefreak32 on 11/7/2008 10:09:12 AM , Rating: 2
"1. For the moment, use WPA2-AES as it hasn't yet been broken."

That is not true. A company has been using 2 GTX280s with CUDA to crack WPA2. If you have the money, you can buy the software for $600.

RE: Best encription?
By omnicronx on 11/7/2008 10:28:46 AM , Rating: 2
Don't always believe what you hear, these passwords being broken here were 6 to 8 characters in length, which regardless of encryption only have so many password possibilities. With a 15+ character password, even when you consider that the CUDA was processing with a 100x speed increase, it's still sitting at around 100 million passwords per second. Well a 15+ character key (with random characters including upper and lower case) has a hell of a lot more possibilities than that, brute force would still be a gigantic number, probably in the billions of years to crack via brute force.

In fact a 15-20 digit key with TKIP will be next to impossible to crack, even with the breakthrough this article mentions.

RE: Best encription?
By AnnihilatorX on 11/7/2008 10:33:24 AM , Rating: 2
Not to mention you can have password containing symbols like !,#,&
That's what I had been using. Long password + numerics + capitals + symbols.

RE: Best encription?
By gramboh on 11/7/2008 1:21:24 PM , Rating: 2
Yep, just use a 64 char random character key with all of the above, pretty much impossible to brutal force. Kind of a pain to type in on a device you can't easily copy-paste from (e.g. iPhone) but I find I am rarely typing in the key.

RE: Best encription?
By drebo on 11/7/2008 1:45:56 PM , Rating: 2
What the Engadget article doesn't say is that they had 20 of those dual GTX280 machines in a compute cluster which allowed them to break WPA in a month instead of years.

WPA is not functionally crackable.

RE: Best encription?
By theslug on 11/7/2008 10:18:38 AM , Rating: 2
I have my router set to WPA2 and TKIP+AES, as opposed to the option that just says AES. Is TKIP+AES less secure? I set it this way because my laptop would never connect with it set specifically to AES.

RE: Best encription?
By omnicronx on 11/7/2008 10:32:36 AM , Rating: 2
WPA2 TKIP+AES means that it supports both TKIP and AES, they are not used in conjunction. Older devices that only support TKIP will fallback to using that, devices compatible with AES will use it as such. So if you are really worried about this security flaw, then yes TKIP+AES is less secure than just AES.

Of course I am pretty sure that you need to be using a TKIP device (other than the router) in order for them to intercept a packet, but that's a different story.

RE: Best encription?
By Mr Perfect on 11/7/2008 12:36:34 PM , Rating: 2
2.5 Use fiber lines when going wired!

Is it still true that you can't tap into a fiber network without killing the signal? Or have they come up with splitter devices to get around that, too?

RE: Best encription?
By HrilL on 11/7/2008 1:00:47 PM , Rating: 2
I believe they have those. Or you go to where the repeater is. But in a local network a splitter would work. But the problem with that is the link will be taken down for a short period of time and if a link goes down the router or switch should notify the network admin. While the link would come back up they would know that something happened and likely check the cables to see if it has been tampered with. Also I believe the decibel level will also be slightly lower and this will be a give away. This is very unlikely an option though as you would need physical access to the cables that are run in conduit or where it leaves that conduit in networking closet that should be locked and monitored. Good luck with doing all that. Fiber is by far the safest network medium to use.

RE: Best encription?
By Alpha4 on 11/7/2008 10:39:30 AM , Rating: 2
As I understand MAC filtering works well, just not exclusively.

RE: Best encription?
By Hare on 11/7/2008 10:55:40 AM , Rating: 3
No it doesn't. Changing your MAC address is trivial and you can find out legitimate mac addresses just by listening to the traffic.

Feel free to google.

RE: Best encription?
By GaryJohnson on 11/8/2008 8:50:45 AM , Rating: 2
You need an authenticated client to find a MAC address right? So if your AP is low traffic, say there's only ever an authenticated client for a few hours a week, mac filtering can be pretty effective.

RE: Best encription?
By Lugaidster on 11/19/2008 8:45:33 PM , Rating: 2
Still, MAC address filtering only prevents the DHCP server from giving you an IP address, but if you had one you'd be connected already. So if you set up your IP address manually you are set to go.

Since most routers give you addresses of the type 192.168.x.y all you need to do is guess "x" which would be 1/254 (since number 255 is reserved) and since most routers give you 192.168.[0-11].y addresses most likely you'll have network address in 12 attempts.

Of course you'd still need to find the gateway address and the DNS server address, but since we are talking about residential routers most likely they'll be both the same and both be at 192.168.x.1.

So yeah, MAC addr. filtering pretty much sucks, except that only about 1% of the people on Earth know this. So to prevent those naggy newbies trying to steal internet access it is pretty good.

Much more detailed article at Ars Technica
By sciwizam on 11/7/2008 9:20:34 AM , Rating: 3
By sprockkets on 11/7/2008 9:38:13 AM , Rating: 5
The only thing possible with this crack is DNS or arp poisoning.

And remember too, you can always set your key to change every 15 minutes too.

By michaelklachko on 11/7/2008 3:24:00 PM , Rating: 2
I don't use any encryption on my wireless network. I don't mind sharing my internet connection with others. It's unlimited, it's always on, and I use it less than 5% of the time.

RE: funny
By Hare on 11/7/2008 4:09:00 PM , Rating: 2
The issue is not about losing bandwidth. It's about losing privacy, without encryption anyone can monitor what you download, where you browse, what kind of passwords you are using (unless the connection is encrypted e.g. https). Another thing is that it exposes your computer to LAN attacks. It's pretty unsecure to have network drives in LAN if the wifi can be accessed by anyone... It also exposes you to other nasty incidents. What if someone from your IP downloads something illegal and leaves a trace. Of course an open wlan is an excuse, but I bet everyone would rather avoid the hassle.

It takes a minute or two to secure an access point so I really don't see why anyone shouldn't do it unless one wants to specially give public access to the Internet.

RE: funny
By michaelklachko on 11/7/2008 6:40:14 PM , Rating: 2
I think any discussion about protection should start with what is to be protected, and who is after it. Is there anything truly valuable on your computer that needs advanced protection? I'm talking about something more than your CC number, or email password (which, as you pointed out, are encrypted already). Are you watching child porn on your computer? Do you have access to classified military information? Do you email plans to kill someone? Probably not. That means it's unlikely someone would be particularly interested in your PC.

Personally, I don't care enough to protect my wireless network. Yes, there's a risk that someone will download something nasty that can get me in trouble. However, that person probably realizes my network could be a honeypot, and I might call the police saying someone within 100 feet from my house is committing a crime. So this risk is small enough for me to ignore. And if I ever want real privacy, I will take a number of steps to protect myself.

You are right, it's easy to secure an access point, so if you want to secure it, by all means, do it. I'm just saying, most people don't care.

RE: funny
By Hare on 11/8/2008 2:55:42 AM , Rating: 2
Most people are ignorant and don't understand the risks. Many wifi networks have network shares that are not protected so nothing is stopping the guest from downloading e.g. vacation pictures etc.

As you said. Most people don't care but usually it's just that they don't understand the issue. They plug in the router, connect to it and forget about it. They don't even think that someone else might also connect to it.

Ps. I think someone in my apartment understood the situation when I used his printer to deliver the message "Your all files are visible to anyone in the neighbourhood. You might want to setup a password to your wireless network".

Just for the record
By shaw on 11/7/2008 11:02:59 AM , Rating: 4
#1 WPA is there just to keep the average joe off from connecting to your network.

#2 If somebody is really determined to hack into your wireless connection it's going to happen. Whether it be social engineering or any other means of getting into it. If you feel your data is really that valuable then it shouldn't be on a network that has access to the outside.

By Guttersnipe on 11/7/2008 12:49:19 PM , Rating: 2
plus i live in an older neighborhood, less chance of a script kiddie trying to hack me:P what is really awesome is that ddwrt gives my old linksys gs router wpa + aes capability. so no worries in that department. gotta love 3rd party firmwares:)
