New attack cracks WPA Wi-Fi encryption in just a minute

Status
Not open for further replies.
Jos

Jos

Posts: 3,073   +97
Staff

Encryption systems used by wireless routers have had a long history of security problems. The Wired Equivalent Privacy (WEP) system was cracked and rendered effectively pointless within a few years of its introduction in 1997. Now, it looks like its WPA successor may soon suffer the same fate, with a pair of Japanese researchers developing a way to break it in just one minute.

The attack builds on the so-called "Becks-Tews method" unveiled last year by researchers Martin Beck and Erik Tews. However, that method worked on a smaller range of WPA devices and took between 12 and 15 minutes to carry out. Both attacks work on WPA systems that use the Temporal Key Integrity Protocol (TKIP) algorithm. They aren't key-recovery attacks -- but give hackers a way to read encrypted traffic sent between computers and certain types of routers that use the outdated encryption system.

The Wi-Fi Alliance has required since 2006 that Wi-Fi-certified products support WPA 2, a much more powerful encryption system that is not vulnerable to these attacks, but users have been slow to upgrade.

The two researchers, Toshihiro Ohigashi of Hiroshima University and Masakatu Morii of Kobe University, are to discuss their findings at a conference in Hiroshima this September 25 but you can read some details now in their paper, "A Practical Message Falsification Attack on WPA" (PDF).

Permalink to story.

https://www.techspot.com/news/35990-new-attack-cracks-wpa-wi-fi-encryption-in-just-a-minute.html

 
Oh this is big this really is!!! Aircrack can already crack WEP in little or no time if you know what you are doing but WPA has been a no-no. Now this changes everything.
 
This is old news... TKIP was already compromised in the sense that hackers have been able to read the traffic (as per this article). The only new part is they can do it faster now. 1 minute vs an hour - really who cares? WPA TKIP has been broken for ages.
FYI November 2008 http://www.broadbandreports.com/forum/r21385720-New-method-found-to-crack-WPA-but-not-WPA2
 
Yes Darth Shiv, we covered that story back in November and it's linked here as well ;)
"The attack builds on the so-called "Becks-Tews method" unveiled last year by researchers Martin Beck and Erik Tews..."
 
Darth Shiv said:
1 minute vs an hour - really who cares?
Click to expand...
Are you serious? Try actually DOING it on a regular basis and answer that question. One minute is a quantum leap away from an hour.
 
"The world's first Locksmith was the lover of the wife of a Knight who put the first Chastity belt on her before going off on a crusade".

"If Man can make it, it's already been done & some other Man will break it (again) in 10% of the time it took to invent it".

"Locks are only good for at keeping honest people honest. If someone wants to get into something enough, they will, given enough time".

The prisons on both Alcatraz and Devil's Island were said to be impossible to escape from, until (eventually), someone escaped from each (and survived).


The best example:

A couple of "1%" Bikers I used to know once told me: "Our bikes are theft-proof";
I asked how they could be so sure, and one opened the garage;
I found myself looking down the barrel of a pump-action shotgun being held by another "1%" Biker who was living in the garage, & who also slept ON the bikes.

I conceded that they had indeed found the most effective "Security System" I'd ever seen.

(The hard part is having an empty garage, & finding a "1% Biker" who likes you, AND who needs a place to stay, and who you can trust!).

(And my favorite, for this day & age: "Where there's a Will, there's a Lawyer; For everything else, someone's already figured it out").

Peace,

"The Hippie",

(w/Thanks to "Wizard" & "Snake" for not blowing my fool head off when I asked about their "Motorcycle Security System").
 
TKIP was broken a year or possibly two ago...
I don't get this. Don't use TKIP or mix your encryption, bam.
 
Phantasm66 said:
Are you serious? Try actually DOING it on a regular basis and answer that question. One minute is a quantum leap away from an hour.
Click to expand...
No it isn't... simply moving from CPU to GPGPU makes a 100x increase in processing for many applications. A botnet of 100,000 computers gives you... wait for it... 100,000 times more processing power. 60->1 is trivial when it is already broken.

Making WPA2 crackable in many orders of magnitude less time would be significant.
 
I know I'm a bit late o the party, but if I may add the following to the discussion.
I had, YES, had implemented WPA2 security on my N-Draft router. Everything was fine on my home network UNTIL I went to download updates for my Xbox 360. Yea...the Xbox has issues with WPA2 when trying to connect through my router. Well, I had to go back and reset the router to WPA.
Does anyone know if there has been a fix released for this bug in the Xbox 360?
Thanks!
 
Status
Not open for further replies.

Similar threads

Daniel Sims
Unpatchable Apple Silicon vulnerability could leak encryption keys
Replies
15
Views
282
Dreadcthulhu
D
A
Latest Windows Insider build hits the Canary Channel with Wi-Fi 7 support
Replies
0
Views
157
Alfonso Maruccia
A
D
Microsoft BitLocker encryption cracked in just 43 seconds with a $4 Raspberry Pi Pico
Replies
18
Views
472
bviktor
B

Latest posts

Back