WPA keys gone in 60 seconds
Networking nerds claim to have devised a way of breaking Wi-Fi Protected Access (WPA) encryption within 60 seconds. The technique, developed by Toshihiro Ohigashi of Hiroshima University and Masakatu Morii of Kobe University, is based on the established Becks-Tews method, which involves making minor changes to packets encrypted …
Everyone switch to WPA2 - we don't want another Hiroshima!
Anyone stupid enough to be using WPA or even for a manufacturer to include it in the Routers list of options deserves all they get....
Note top of page 9 in the PDF: The attack only works if you can act as a repeater to the access point i.e. the client isn't in range of the AP. This isn't very likely is it ? And if you are acting as a repeater, why not just use (the same SSID with) no password as most clients will just silently connect to you and you can MiM their traffic conventionally ?
Why I will be running Cat6 around my next house when we come to decorate each room.
Wireless is incredibly unreliable on my home network, and powerline has allowed my downstairs neighbor access to my uPnP server as the "encyrption" included with the powerline adapters is XP/Vista only and my uPnP server is on my NAS.
Although I must admit, I'm much more excited than the missus about the prospect of a fully distributed gigabit LAN.
against WPA2-CCMP works providing one can capture the handshake and the password is a dictionary word. So WPA2 is not secure either. Don't use a dictionary word PSK to secure a WLAN ever. It took me less than 5 seconds to retrieve the PSK for my WLAN (avalon), I did however have to put my nonsensical PSK into my dictionary/wordlist.
:~$ aircrack-ng -a 2 -e avalon -w ./dict/wordlist ./dump01-01.cap
So simple even I could do it.
My internet connection downloaded that? You must be mistaken. Someone must have hacked my WPA.
It's on my computer? Well they transferred it once they'd done the hack.
Anon, in case this actually happens to me, as I really don't download anything I shouldn't.
It's easy to call people stupid for using weak security, but with routers and access points being sold in Tescos as commodity equipment, people assume that you just plug it in and use it, just like your TV. The router manufacturers are a great deal more culpable than the users are stupid.
I'm sure there are quite a few wifi users out there who *know* their setups aren't as secure as they could/should be, but simply don't have the spare cash to upgrade all of their wireless-enabled devices to ones that can support WPA2.
OK, I'm neither an expert on cryptography or network security, that's why I read the dumbed-down versions on El Reg, but something doesn't seem quite right here. AFAIK, the Beck-Tewes attack is able to intercept and modify small packets of data, *not* obtain the key to a network, two very different things. And apparently this new attack does the same thing, only faster.
So how are "WPA keys gone in 60 seconds"? This is a serious attack, but this article seems to be exaggerating somewhat.
As I said before, I'm not an expert, and I'd be happy for someone to explain to me that I'm wrong.
Then why when I am stuck somewhere with no internet access can't i just quickly spend 10-15 mins running some tools to hack their network and then start using the internet. I have yet to see anybody demonstrate to me how I can do this using easily available and configurable tools.
B
I have to agree with bilgpipe on this, in fact the whole way in which computers and associated equipment is sold is more the cause of the the problems with security than thick end users. Manufacturers of of hardware and software (I'm looking at you Microsoft) are selling their products under the premise that all you have to know is how to plug it in, like a washing machine; when this is plainly not the case.
I work for a large IT Company. Not small and not red. I got a brand new laptop last week and guess what. I have had to configure the guest account on my wireless network for WPA so as to be able to connect to the network with my new company laptop.
Ok so the company data is protected by VPN but hell, even my mum could run an IT department better than this bunch.
So does this touch AES, or only TKIP?
Due to some legacy devices, some networks run WPA2 with WPA fallback, and may be exposing themselves, but only if they're running TKIP?
I agree. I have yet to see, or hear of for that matter, a wireless hack/crack that is able to be perpretrated by someone other than a security expert or at least someone very familiar with network security and also Linux.
Until I see a freely or commercially available program that will let the guy next door do this at the click of a button (or six), this is a non-issue unless you are worried about corporate espionage. And if you ARE worried about corporate espionage... why the fusk are you using a wireless network?
Paris because she allows a hell of a lot more access than a WPA secured router.
You can run the IT department better? Step up to the job before whining about it.
Regards,
The 'Large IT Company' IT Manager.
Hate to break it to everyone who thinks these techniques aren't free and easily available. There are live CDs designed to do just this. Take a look at BackTrack sometime. A freely downloadable distribution centered just around penetration testing. All it takes is little Johnny with his laptop to start taking apart your wireless network.
And before anyone even begins to say that the tools are too difficult for anyone to use, it takes all of five seconds to Google for a step-by-step, paint-by-numbers, connect-the-dots guide for cracking wireless networks using the tools. Hell, YouTube has videos you can watch, if reading simple guides is too hard.
Yes, this stuff is everywhere.
... unless your living in a city, or a large town, where geeks frequently war drive, or unless you suspect your nearest neigbours are uber geeks, for the love of sensibility, get a grip already.
I'm not advocating ignoring this kinda thing, but lets get real, most people have a slim to none chance of having their wireless hacked into, even on WEP.
Face it, IT Company's haven't a clue. What you want is a proper certified network engineer. Any fool who can install XP seams to call himself an IT consultant.
WPA like WEP before it is better then nothing and of course WPA2 with its AES encryption is the recommended. Anyway, wireless is good for nothing more then easy access casual browsing and little else. People seam to have forgotten wireless is a shared medium like hubs and nobody uses a hub these days do they?
Oh and can low end AP manufacturers add a power setting and get end users to set it then a while street wont be competing for RF bandwidth! Also means the hackers would have to sit on your front door!
as someone who has on occasion done a bit of drive by web access out of hours in times gone by.
i can confirm that them dumb AP's that blast out thier signal at max strength with a range of 100m+, sure are a boon to those of us who cannot afford to be camped out directly on the owners doorstep just to get a bit of RPG/web action.
oh and a multi-boot netbook is more than enough to do the hunting and key breaking in linux and RPG avatar web abuse in m$....
Yarrrr,,,,,,
As far as I'm aware even ye olde WPA is only fast to crack if you use dictionary words. Make your password something obfuscated and you shouldn't have a problem unless the people cracking your network happen to have brought a lawd-knows-how-many-nodes Beowulf with them, surely?
Paris, because she knows all about unsecured access.
A novice couldn't do it, but the only reason for that is it has not been pre-packaged into an easy to use GUI for Windows. If someone did that then people would be under a lot more pressure to use more secure methods.
I know very little about how the methods work, but I managed to hack three of my neighbours and steal their internets (and also took control of the router admin so that I could open some ports for my torrents - BT Home Hub had loads of vulnerabilites).
I used aircrack-ng, which is a command line tool for Linux that basically does it all for you, although it doesn't hold your hand. It took a bit of working out, but there are tutorials out there.
People think they are safe but you don't know who your neighbour is. It might be me.
Read the paper - neither this nor Beck-Tews can recover WPA keys. You can falsify ARP packets, which is fairly significant but a world away from recovering the key and being able to read all traffic in clear. "37% of WPA-TKIP encrypted ARP can be read and falsified in best case time of 60 seconds" is very different to the message that the media has portrayed. Disappointing reporting!!
Sign up, sign up for The Register's weekly mobile & wireless newsletter - click here
