Free Republic
Browse · Search
General/Chat
Topics · Post Article

Skip to comments.

New attack cracks common Wi-Fi encryption in a minute
Network World ^ | 27 August 2009 | Robert McMillan

Posted on 08/28/2009 10:58:25 AM PDT by ShadowAce

Computer scientists in Japan say they've developed a way to break the WPA encryption system used in wireless routers in about one minute.

The attack gives hackers a way to read encrypted traffic sent between computers and certain types of routers that use the WPA (Wi-Fi Protected Access) encryption system. The attack was developed by Toshihiro Ohigashi of Hiroshima University and Masakatu Morii of Kobe University, who plan to discuss further details at a technical conference set for Sept. 25 in Hiroshima.

Last November, security researchers first showed how WPA could be broken, but the Japanese researchers have taken the attack to a new level, according to Dragos Ruiu, organizer of the PacSec security conference where the first WPA hack was demonstrated. "They took this stuff which was fairly theoretical and they've made it much more practical," he said.

They Japanese researchers discuss their attack in a paper presented at the Joint Workshop on Information Security, held in Kaohsiung, Taiwan earlier this month.

The earlier attack, developed by researchers Martin Beck and Erik Tews, worked on a smaller range of WPA devices and took between 12 and 15 minutes to work. Both attacks work only on WPA systems that use the Temporal Key Integrity Protocol (TKIP) algorithm. They do not work on newer WPA 2 devices or on WPA systems that use the stronger Advanced Encryption Standard (AES) algorithm.

The encryption systems used by wireless routers have a long history of security problems. The Wired Equivalent Privacy (WEP) system, introduced in 1997, was cracked just a few years later and is now considered to be completely insecure by security experts.

WPA with TKIP "was developed as kind of an interim encryption method as Wi-Fi security was evolving several years ago," said Kelly Davis-Felner, marketing director with the Wi-Fi Alliance, the industry group that certifies Wi-Fi devices. People should now use WPA 2, she said.

Wi-Fi-certified products have had to support WPA 2 since March 2006. "There's certainly a decent amount of WPA with TKIP out in the installed base today, but a better alternative has been out for a long time," Davis-Felner said.

Enterprise Wi-Fi networks typically include security software that would detect the type of man-in-the-middle attack described by the Japanese researchers, said Robert Graham, CEO of Errata Security. But the development of the first really practical attack against WPA should give people a reason to dump WPA with TKIP, he said. "It's not as bad as WEP, but it's also certainly bad."

Users can change from TKIP to AES encryption using the administrative interface on many WPA routers.


TOPICS: Computers/Internet
KEYWORDS: cyberattacks; cybersecurity; encryption; wireless; wpa
Navigation: use the links below to view more comments.
first previous 1-2021-4041-43 next last
To: Hazwaste

“Don’t forget to change the default login and password for the WAP admin account.”

Thats a biggie, if they can get into your wireless they can acess your router pretty easily.


21 posted on 08/28/2009 11:25:24 AM PDT by mowowie
[ Post Reply | Private Reply | To 12 | View Replies]

To: ShadowAce

WPA2 is still good for now. We’ll see for how long. BTT.


22 posted on 08/28/2009 11:26:29 AM PDT by Billthedrill
[ Post Reply | Private Reply | To 1 | View Replies]

To: Brookhaven

“but there are so many unsecured (no password) home networks out there....”

I have one right here.
Last week while on my back deck listening to tunes on my laptop i realized that an un-secured network somewhere had a higher power reception than my own wireless router so i used their internet instead of mine for the day.
Worked great.


23 posted on 08/28/2009 11:31:13 AM PDT by mowowie
[ Post Reply | Private Reply | To 15 | View Replies]

To: ShadowAce

Thanks to all for the good suggestions.


24 posted on 08/28/2009 11:37:13 AM PDT by Califelephant
[ Post Reply | Private Reply | To 1 | View Replies]

To: MikeWUSAF

>> Mac address filtering is your friend. :)

Wow, you’re even more paranoid than me... you aren’t letting ANY mac ids connect! :-)


25 posted on 08/28/2009 11:40:15 AM PDT by Nervous Tick (Stop dissing drunken sailors! At least they spend their OWN money.)
[ Post Reply | Private Reply | To 4 | View Replies]

To: rabscuttle385

>> MACs can be spoofed quite easily

True, but you kinda need to know what ID to spoof; that’s a little bit harder of a problem. Not insurmountable, but harder.


26 posted on 08/28/2009 11:42:06 AM PDT by Nervous Tick (Stop dissing drunken sailors! At least they spend their OWN money.)
[ Post Reply | Private Reply | To 18 | View Replies]

To: ShadowAce

Interesting this originated in Japan.
From what I understand the laws are much harsher there.
You are held responsible for what is done with your equipment and a “hostile takeover” is not a valid excuse.
I’d be surprised if very many in Japan still used WEP.


27 posted on 08/28/2009 11:44:23 AM PDT by astyanax (I'm here to spread peace, love and happiness... so get the f*#% out of my way.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Nervous Tick; MikeWUSAF

>>>> Mac address filtering is your friend. :)

Wow, you’re even more paranoid than me... you aren’t letting ANY mac ids connect!<<

On my old Microsoft router, It was all I could get to work. I just got a new router and tried using actual security. It worked but when my daughter tried to get in using vista, instead of asking for the security code, it asked for a password and other data. We gave up and just had her use a neighbor’s unsecured wifi.


28 posted on 08/28/2009 11:51:52 AM PDT by RobRoy (The US today: Revelation 18:4)
[ Post Reply | Private Reply | To 25 | View Replies]

To: RobRoy

>> We gave up and just had her use a neighbor’s unsecured wifi.

ROFL! Another happy Vista customer.


29 posted on 08/28/2009 11:53:34 AM PDT by Nervous Tick (Stop dissing drunken sailors! At least they spend their OWN money.)
[ Post Reply | Private Reply | To 28 | View Replies]

To: Nervous Tick

Then break out Wireshark and start sniffing traffic. ;)


30 posted on 08/28/2009 11:56:21 AM PDT by rabscuttle385 (May God save the American Republic.)
[ Post Reply | Private Reply | To 26 | View Replies]

To: rabscuttle385

>> Then break out Wireshark and start sniffing traffic. ;)

Yeah, I guess a hacker could do that. Then he could break my WEP, and by golly, he’d be in!

I might get suspicious of that car in the cul-de-sac for a week, though. Not really close enough to any neighbors for someone to do it from an adjacent house.

I don’t know which is more pathetic — a guy like me who has a really boring on-line life, or a guy who would spend a lot of effort hacking the boring wifi comms of a guy like me. :-)


31 posted on 08/28/2009 12:08:05 PM PDT by Nervous Tick (Stop dissing drunken sailors! At least they spend their OWN money.)
[ Post Reply | Private Reply | To 30 | View Replies]

To: ShadowAce
A great man I once worked for used to say, "Locks are made to keep out honest people."

Lock up something of value and a crook will always find a way to break the lock.

32 posted on 08/28/2009 12:11:28 PM PDT by Bloody Sam Roberts (Hope requires the contender, who sees no virtue in surrender.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Nervous Tick
I might get suspicious of that car in the cul-de-sac for a week, though. Not really close enough to any neighbors for someone to do it from an adjacent house.

I would set up a small self-contained box somewhere nearby but in a hidden area...and just let that sniff traffic for a while. Pick it up later and analyze the results.

33 posted on 08/28/2009 12:12:37 PM PDT by rabscuttle385 (May God save the American Republic.)
[ Post Reply | Private Reply | To 31 | View Replies]

To: Nervous Tick

;)

Setting up my wifes Vista laptop was less of a challenge. I don’t remember why. With my daughter’s, I would click on my connection and it asked for information completely irrelevant to the actual key.


34 posted on 08/28/2009 12:13:24 PM PDT by RobRoy (The US today: Revelation 18:4)
[ Post Reply | Private Reply | To 29 | View Replies]

To: rabscuttle385

>> I would set up a small self-contained box somewhere nearby but in a hidden area...and just let that sniff traffic for a while. Pick it up later and analyze the results.

Oh, THAT’S what that box is. You might want to find a more interesting location for it!


35 posted on 08/28/2009 12:19:05 PM PDT by Nervous Tick (Stop dissing drunken sailors! At least they spend their OWN money.)
[ Post Reply | Private Reply | To 33 | View Replies]

To: Nervous Tick

Lol.


36 posted on 08/28/2009 12:20:12 PM PDT by rabscuttle385 (May God save the American Republic.)
[ Post Reply | Private Reply | To 35 | View Replies]

To: RobRoy

>> Setting up my wifes Vista laptop was less of a challenge. I don’t remember why.

On my brother’s, it went pretty well if he jacked into the router to set up his wireless. Fairly automatic, then unplug the cable and away you go.

Your daughter, on the other hand, must be on that special “federal watch list”. ;-)


37 posted on 08/28/2009 12:21:17 PM PDT by Nervous Tick (Stop dissing drunken sailors! At least they spend their OWN money.)
[ Post Reply | Private Reply | To 34 | View Replies]

To: Bloody Sam Roberts

A great man I once worked for used to say, “Locks are made to keep out honest people.”
Lock up something of value and a crook will always find a way to break the lock.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Criminals (like water) always follow the path of least resistance.

As long as you have a bigger lock than your neighbor you are good.


38 posted on 08/28/2009 12:26:56 PM PDT by Brookhaven (http://theconservativehand.blogspot.com/)
[ Post Reply | Private Reply | To 32 | View Replies]

To: mowowie; Brookhaven; ShadowAce
> Last week while on my back deck listening to tunes on my laptop i realized that an un-secured network somewhere had a higher power reception than my own wireless router so i used their internet instead of mine for the day. Worked great.

I don't doubt it. But you may have been compromised already, and if not you will be eventually.

An unsecured wireless is an obvious invitation to others. Well guess what? When you connect to such a network, you are a "peer" (on the same local net) to any other wireless user on that access point.

Including, of course, the guy who set it up, who has been waiting for you. Or the guy in the car, war-driving, and looking for victims. Bet on it -- there's a hacker who knows about, or set up, that unsecured wireless.

He is the spider in that web. As soon as you connect, he can connect to your computer. Unless you have strong passwords on your login accounts, he will be able to access your hard drive (e.g. on Windows using the default C$ share) with "administrator" privilege.

Connecting to an unsecured wireless is like having unprotected sex daily with strangers. Sooner or later you WILL get infected, or have your identity stolen, or your credentials copied.

It's a free country -- do as you wish. But at least, please use strong passwords, and a strong firewall that actively warns you of attempts to connect to your computer. That'll mitigate the danger a little.

39 posted on 08/28/2009 4:22:27 PM PDT by dayglored (Listen, strange women lying in ponds distributing swords is no basis for a system of government!)
[ Post Reply | Private Reply | To 23 | View Replies]

To: ShadowAce
Is this enough for Obama to declare a cyber-threat and shut down the nations's private internet?

See ya... it's been nice chatting with everyone...

-PJ

40 posted on 08/28/2009 4:26:12 PM PDT by Political Junkie Too (Comprehensive congressional reform legislation only yields incomprehensible bills that nobody reads.)
[ Post Reply | Private Reply | To 1 | View Replies]


Navigation: use the links below to view more comments.
first previous 1-2021-4041-43 next last

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
General/Chat
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson