Posted on 11/06/2008 1:07:03 PM PST by ShadowAce
Security researchers say they've developed a way to partially crack the Wi-Fi Protected Access (WPA) encryption standard used to protect data on many wireless networks.
The attack, described as the first practical attack on WPA, will be discussed at the PacSec conference in Tokyo next week. There, researcher Erik Tews will show how he was able to crack WPA encryption, in order to read data being sent from a router to a laptop computer. The attack could also be used to send bogus information to a client connected to the router.
To do this, Tews and his co-researcher Martin Beck found a way to break the Temporal Key Integrity Protocol (TKIP) key, used by WPA, in a relatively short amount of time: 12 to 15 minutes, according to Dragos Ruiu, the PacSec conference's organizer.
They have not, however, managed to crack the encryption keys used to secure data that goes from the PC to the router in this particular attack
Security experts had known that TKIP could be cracked using what's known as a dictionary attack. Using massive computational resources, the attacker essentially cracks the encryption by making an extremely large number of educated guesses as to what key is being used to secure the wireless data.
The work of Tews and Beck does not involve a dictionary attack, however.
To pull off their trick, the researchers first discovered a way to trick a WPA router into sending them large amounts of data. This makes cracking the key easier, but this technique is also combined with a "mathematical breakthrough," that lets them crack WPA much more quickly than any previous attempt, Ruiu said.
Tews is planning to publish the cryptographic work in an academic journal in the coming months, Ruiu said. Some of the code used in the attack was quietly added to Beck's Aircrack-ng Wi-Fi encryption hacking tool two weeks ago, he added.
WPA is widely used on today's Wi-Fi networks and is considered a better alternative to the original WEP (Wired Equivalent Privacy) standard, which was developed in the late 1990s. Soon after the development of WEP, however, hackers found a way to break its encryption and it is now considered insecure by most security professionals. Store chain T.J. Maxx was in the process of upgrading from WEP to WPA encryption when it experienced one of the most widely publicized data breaches in U.S. history, in which hundreds of millions of credit card numbers were stolen over a two-year period.
A new wireless standard known as WPA2 is considered safe from the attack developed by Tews and Beck, but many WPA2 routers also support WPA.
"Everybody has been saying, 'Go to WPA because WEP is broken,'" Ruiu said. "This is a break in WPA."
If WPA is significantly compromised, it would be a big blow for enterprise customers who have been increasingly adopting it, said Sri Sundaralingam, vice president of product management with wireless network security vendor AirTight Networks. Although customers can adopt Wi-Fi technology such as WPA2 or virtual private network software that will protect them from this attack, there are still may devices that connect to the network using WPA, or even the thoroughly cracked WEP standard, he said.
Ruiu expects a lot more WPA research to follow this work. "Its just the starting point," he said. "Erik and Martin have just opened the box on a whole new hacker playground."
Whew. I use WPA2. Never used WEP
Use WPA with AES, which is more secure and usually runs in hardware rather than TKIP which tends to run in software.
If it’s wireless, assume it’s insecure.
Don’t know what else to say.
Oversimplifying the issue doesn't really help. Wired connections can be quite insecure as well. Lots of serious intrusions and crimes have been committed over copper.
All security is a value/time tradeoff. If what you have is valuable enough, someone WILL gain access, given enough time. If what you have is of no value, nobody will try to get it even if it's public.
All you can do is make access difficult enough that it isn't worth the bad guy's time to get it.
I use MAC filtering on top of that. Still not totally hack-proof, but it provides an extra layer.
...and this is why my household is wired.
Don't want to shoot you down, but from what I've read while recently getting up to speed to set up a wifi network of my own, MAC filtering is so easily overcome by spoofing that its literally not worth the time to implement it. Its _is_ an extra layer of security, but kind of on same level as a screen door is a layer. :-/
I'm sorry to say both MAC address filters and SSID hiding can be easily spoofed or exposed.
Well, what’s a person to do? I try to be reasonably secure. Turned off SSID broadcast, use WPA, don’t use MAC filtering anymore (too much hassle, since I’m constantly changing hardware around). I figure if somebody’s determined enough to go after me, with 6 other wireless access points withing sniffing distance (most unsecured), there’s not much I can do about it, short of pulling the plug.
Wow, hauling around a 300' CAT5 with your laptop around the house has to be a drag.
My house is wired and wireless. And using the highest crypto is the only option with wireless. I'm not surprised people are working on cracks. In fact it is a good thing. If you don't test your security, someday you'll find it's been compromised.
WOW, if I was using a LAPTOP that would be really stupid.
I travel with a laptop and HARD WIRE it when I need to use that.
WPA2 is thankfully still safe, the problem comes for people that have hardware that only does WPA, ie. some (barely) older laptops and many game consoles.
Bump for reference
So brute force is the key and it takes a real whooper of a system to pull it off.
For some strange reason, I'm not too worried about this.
I don't think anyone sitting outside my house looking for a Wi-Fi connection is going to be able to hack my WPA protected network.
802.1x with PEAP-CHAP. Even negotiating access to the WAPs is encrypted.
“I don’t think anyone sitting outside my house looking for a Wi-Fi connection is going to be able to hack my WPA protected network.”
Ditto - especially since most of my neighbors have no encryption at all.
Hee hee...always good to have a backup system in place. Just in case of emergency mind you.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.