Researchers Crack WPA Wi-Fi Encryption
Posted by CmdrTaco on Thu Nov 06, 2008 11:50 AM
from the now-they'll-know-my-secrets dept.
narramissic writes "Researchers Erik Tews and Martin Beck 'have just opened the box on a whole new hacker playground,' says Dragos Ruiu, organizer of the PacSec conference. At the conference, Tews will show how he was able to partially crack WPA encryption in order to read data being sent from a router to a laptop. To do this, Tews and Beck found a way to break the Temporal Key Integrity Protocol (TKIP) key, used by WPA, in a relatively short amount of time: 12 to 15 minutes. They have not, however, managed to crack the encryption keys used to secure data that goes from the PC to the router in this particular attack. 'It's just the starting point,' said Ruiu."
Related Stories
Hardware: WPA Encryption Cracked In 60 Seconds
carusoj writes "Computer scientists in Japan say they've developed a way to break the WPA encryption system used in wireless routers in about one minute. Last November, security researchers first showed how WPA could be broken, but the Japanese researchers have taken the attack to a new level. The earlier attack worked on a smaller range of WPA devices and took between 12 and 15 minutes to work. Both attacks work only on WPA systems that use the Temporal Key Integrity Protocol (TKIP) algorithm. They do not work on newer WPA 2 devices or on WPA systems that use the stronger Advanced Encryption Standard (AES) algorithm."
Mobile: New Improvements On the Attacks On WPA/TKIP
olahau writes "Two weeks ago, improvements to the previously reported attack on WPA/TKIP were presented at the NorSec Conference in Oslo, Norway. In their paper, 'An Improved Attack on TKIP,' Finn Michael Halvorsen and Olav Haugen describe the improvements, which enable an attacker to inject larger, maliciously crafted packets into a WPA/TKIP protected network, thus opening the probabilities for new and more sophisticated attacks against the well-established wireless security protocol."
Meh (Score:5, Interesting)
Cat5
Re:Meh (Score:5, Funny)
Bah... cat5 is already broken, and cat5e is next.
Got to think cat6 at least, if not cat7. They're much thicker; harder to break.
Who uses TKIP instead of AES? (Score:5, Interesting)
Re:Who uses TKIP instead of AES? (Score:5, Informative)
Is AES not the more secure of the two? From everything I have read, AES is the preferred option over TKIP.
I recall seeing some AP setups where TKIP was the default scheme.
In the wide spectrum of Luddite to Novice to Hobbyist to Professional there are probably a bunch of users that might know enough to use WPA (perhaps from prodding from friends) and use the default settings with a key (either random or a passphrase).
Hahaha! (Score:5, Funny)
Re:Hahaha! (Score:5, Funny)
Re:Hahaha! (Score:5, Funny)
I run one called "man_in_the_middle". Best pay attention to those certificate warnings when you're using it.
Re:Who uses TKIP instead of AES? (Score:5, Informative)
WPA and TKIP were really just a stepping stone to get people off WEP and heading toward WPA2 and AES. Wireless hardware built to run WEP didn't have the processing power to run AES (I think it needed a separate crypto processor just for AES). So they made the WPA standard run TKIP so current WEP hardware was able to use a better security setup. It was all intended to move everyone to WPA2 with AES after everyone had bought newer wireless cards and routers.
Interestingly, this means if you have hardware that only supports WEP, and the vendor doesn't offer WPA support, it's because they are too lazy to implement it (or want you to buy the new stuff). The hardware can handle it, they just need to add it to the firmware. My work had some handheld units like this. We had to buy all new units.
Re:Who uses TKIP instead of AES? (Score:5, Informative)
AES and TKIP are not apples to apples. AES is an encryption algorithm. TKIP basically handles the keys that the encryption algorithm uses.
A better apples to apples comparison would be between the encryption algorithms (RC4 and AES) or the key managers (TKIP and CCMP).
Generally, WPA uses TKIP/RC4 and WPA2 (802.11i) uses CCMP/AES.
WPA (TKIP/RC4) was supposed to be a bridge between WEP and WPA2. WPA used RC4 (just like WEP) but enhanced (TKIP) in order to improve security while using existing (WEP/RC4) hardware.
WPA2 has always been considered more secure than WPA on paper though until this there has never been a documented exploit for either of them.
Re:Who uses TKIP instead of AES? (Score:5, Informative)
AES is a cypher. TKIP is a protocol, the Temporal Key Integrity Protocol, to be precise. The cypher used by WEP and WPA/TKIP is RC4. TKIP is what keeps changing the RC4 key to avoid the attacks on WEP, for which the attacker needs to collect many packets which have been encrypted with the same key. TKIP was invented to salvage older hardware, which only implemented the RC4 cypher.
It is important to know that WEP's weakness is not simply a vulnerable cypher, but a vulnerability of the crypto system. The announcement states that the attack on WPA/TKIP does not actually crack the key, so this too looks like a vulnerability of the crypto system. That highlights the importance of crypto system design. You can't just take a "secure" cypher and be done with it. The protocol surrounding that cypher is just as important.
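The point made in the comment above (a sound cipher inside a weak protocol is still weak) can be shown concretely with RC4 itself. The following is an added example, not code from the thread: a textbook RC4 implementation, a WEP-style per-packet key (IV || shared key) that lets the keystream repeat whenever the 24-bit IV repeats, and a stand-in for per-packet key mixing. The key, IV and packet contents are constructed for the example, and the SHA-256 based "mixing" is a placeholder for the idea of a never-repeating per-packet key, not TKIP's actual key-mixing function. Keystream reuse is one of WEP's protocol-level weaknesses (distinct from the weak-IV statistical attacks), and it is exactly the kind of flaw that no choice of cipher fixes on its own.

```python
"""Added example: keystream reuse under a WEP-style key versus a per-packet key."""
import hashlib
import math


def rc4_keystream(key: bytes, length: int) -> bytes:
    """Standard RC4: key-scheduling (KSA) followed by `length` bytes of PRGA output."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings, truncated to the shorter one."""
    return bytes(x ^ y for x, y in zip(a, b))


def wep_style_encrypt(shared_key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """WEP: the RC4 key is IV || shared key. The IV is 24 bits and sent in the clear,
    so it repeats after a few thousand packets and the whole keystream repeats with it."""
    return xor(plaintext, rc4_keystream(iv + shared_key, len(plaintext)))


def mixed_key_encrypt(base_key: bytes, packet_counter: int, plaintext: bytes) -> bytes:
    """Stand-in for per-packet key mixing (NOT the real TKIP mixing function):
    derive a fresh 128-bit RC4 key from the base key and a never-repeating
    packet counter, so no two packets share a keystream."""
    per_packet_key = hashlib.sha256(base_key + packet_counter.to_bytes(6, "big")).digest()[:16]
    return xor(plaintext, rc4_keystream(per_packet_key, len(plaintext)))


def recover_with_known_plaintext(c_known: bytes, p_known: bytes, c_target: bytes) -> bytes:
    """Keystream-reuse attack: c_known XOR p_known yields the keystream, which then
    strips the encryption from any other packet sent under the same RC4 key.
    Recovers the target up to len(p_known) bytes."""
    keystream = xor(c_known, p_known)
    return xor(c_target, keystream)


def packets_until_iv_repeat(iv_bits: int = 24, probability: float = 0.5) -> int:
    """Birthday-bound estimate of how many packets with random IVs are needed
    before some IV has repeated with the given probability."""
    n = 2 ** iv_bits
    return int(math.sqrt(2 * n * math.log(1 / (1 - probability))))


# Constructed sample data for the example.
SHARED_KEY = b"\x0b\xad\xc0\xff\xee"  # 40-bit WEP-style shared key
IV = b"\x01\x02\x03"                  # 24-bit IV, deliberately reused below
KNOWN_PKT = b"ARP request: who has 192.168.1.1? tell 192.168.1.77"  # predictable content
SECRET_PKT = b"GET /private/secret.txt HTTP/1.0"                    # shorter than KNOWN_PKT


def wep_leak() -> bytes:
    """Two packets under the same IV: the attacker recovers SECRET_PKT in full."""
    c1 = wep_style_encrypt(SHARED_KEY, IV, KNOWN_PKT)
    c2 = wep_style_encrypt(SHARED_KEY, IV, SECRET_PKT)
    return recover_with_known_plaintext(c1, KNOWN_PKT, c2)


def mixed_key_leak() -> bytes:
    """Same attack against per-packet keys: the 'recovered' bytes are garbage."""
    c1 = mixed_key_encrypt(SHARED_KEY, 1, KNOWN_PKT)
    c2 = mixed_key_encrypt(SHARED_KEY, 2, SECRET_PKT)
    return recover_with_known_plaintext(c1, KNOWN_PKT, c2)


if __name__ == "__main__":
    print("WEP-style, IV reused  :", wep_leak())
    print("per-packet key        :", mixed_key_leak())
    print("packets to 50% IV hit :", packets_until_iv_repeat())
```

The interesting part is that RC4 is used identically in both branches; the only difference is whether the protocol around it can ever feed it the same key twice. That is the distinction between "broken cipher" and "broken cryptosystem" the comment draws.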
Re:Who uses TKIP instead of AES? (Score:5, Informative)
At least it's not like the Nintendo DS that only supports WEP.
WPA2 is NOT broken (Score:5, Informative)
Just WPA. WEP was already hideously broken but now WPA should also be considered broken. WPA2 is still safe.
Although, if you really have data you're concerned about keeping safe, you should (a) use a wired network, (b) use IPSEC, or (c) both.
Re:WPA2 is NOT broken (Score:5, Insightful)
I have a hard time seeing the point of this, and the rationale behind other similar moves. Here's why:
Firstly, advances in computing power and security research are always going to result in security schemes being broken, but these broken security mechanisms will always be replaced and improved. Provided you keep up to date with current security practices, and as a Slashdot reader, I assume you can and will, you're really not in any danger at all.
Further, there are numerous other security options you can enable both at the wireless level and the network level to further protect your network, alongside good security practices with existing WPA2 (e.g. maximum length WPA key consisting of random characters and numbers). For example, MAC Address whitelisting, a strong password on the AP, and enabling AP configuration changes to occur only through wired connections. A half decent wireless AP should expose all of these options.
This is more than enough to deter all but the most dedicated hacker. I'm not going to pull random statistics out of my behind, but I would wager that only a ridiculously tiny amount of wireless intrusions are done by experienced hackers, and experienced hackers tend to have an agenda beyond "leeching your tubes". The above security options, if all enabled and correctly configured (as in my home network), go above and beyond what is required to stop the casual or even experienced war driver in their tracks.
But let's say that somehow, they do manage to break your wireless security. Well, if your network is properly set up, they now have another round of security to get through that should be even tougher. Here, digital signing and encryption of all network communications between Windows machines on the domain is required by policy, no exceptions. This is one example of many.
If someone out there is really willing to go to all that effort to break into your HOME network and access your personal data, you have VERY serious problems. From a corporate network perspective, of course, things might be entirely different.
Bottom line: I have a hard time seeing the point of abandoning wireless due to security concerns in home networks, as a properly secured wireless network and home network will easily defeat all but the most determined and skilled hackers.
And finally, why did you buy into wireless at all in the first place if you were so concerned about security? Everyone knew that WEP was rubbish before it was even cracked (which didn't take long). WPA was a vast improvement over WEP, but even it had its flaws, and this was also well known among those concerned. I find it strange that you're getting out of wireless now, when a look at the whole picture shows that wireless security has improved immensely since the initial takeup of wireless. The real problem is people not moving to these new security setups, and staying with WEP or worse.
Re:WPA2 is NOT broken (Score:5, Insightful)
Some of my friends think I'm weird because I'm pulling cat5e around the house when everything I use is already working fine with WPA2.
You are weird if you're doing that because of security concerns. Here's a hint: no one cares about your wireless network. No, really, they don't.
That said, given how flakey wireless can be, running cable is only sensible, particularly given it makes it easy to run additional telephones, etc, as well.
Re:WPA2 is NOT broken (Score:5, Informative)
Don't install cat5, install conduit. Then you can pull whatever you want, wherever you want, at any point in the future with ease.
Re:WPA2 is NOT broken (Score:5, Informative)
Go to the attic, you'll have access to the insides of the walls from above. Drop a chain with a weight down an interior wall (so there's no insulation in the way). Cut a hole in the drywall for your ethernet jack. Guide the weight to the hole, a strong magnet(perhaps from a hard drive) can help here. Then just attach your cat5 to the end of the chain, go back to the attic and pull it up. You can run the cat5 across the entire house in the attic and not worry about people tripping on it or anything. It's kind of shitty work, but it's doable if you're just a little bit handy.
Re:WPA2 is NOT broken (Score:5, Informative)
Some notes on wiring -- either power or ethernet cable.
1. Drill two holes in the header, each about 1/2" in diameter, about 2" apart. You put a flashlight over one so you can see what you're doing when you drop the line down the other.
2. On the bottom end, cut a full-sized hole for a standard rework box. You can get standard wall faceplates for snap-in Cat5 outlets. I generally wire with double-hole faceplates, and put a phone cord in the lower one and Cat5 in the upper. A rework box hole gives you a large enough opening that you can get your hand in there and grab stuff. Pull the wire out and run it into a rework box and put that in the wall. (if you have really big hands you might not be able to do this. Find someone with smaller hands or run a loop of wire into the wall first, then drop the wire from the top, through the loop, and then pull the loop out the hole.)
By using an adjacent hole to admit light, I can usually manage to drop a wire into an existing box if I've punched out the knockout on the top, with a bit of care.
Note that all this advice, and the parent poster advice, all assume you don't have firebreaks inside the wall. Many newer houses have 2x4's across the wall halfway up, to keep the space between the walls acting like a chimney. In that case you're going to be cutting drywall and/or finding a seriously long drillbit. (It's possible to weld a drillbit onto the end of a 3' piece of mild steel rod, but it's pretty unpleasant to use.)
Re:WPA2 is NOT broken (Score:5, Funny)
Nerds like to sit.
You can sniff packets while sitting just about anywhere. In your kitchen. In your car. On the crapper.
To tap a line, you usually have to get up, and you often have to use some archaic toolset like Screw.Driver or Flash.Light that you haven't supported since 3 forks ago.
Is it just me... (Score:5, Insightful)
or is anything worth protecting worth using CAT5 on?
Most banks and government institutions don't use WIFI because of the security vulnerabilities. Granted CAT5 doesn't have security to access (like wifi tkip/aes key), but it is physically secure, which is at the same level of security as the physical machines themselves.
I find WIFI performance and coverage to be dodgy at best. It's an absolute pain to support.
Huh....So for data.... (Score:5, Informative)
If I remember reading right, a few years ago, TKIP client encryption was always able to be broken. The catch was that you had to capture the packets with the handshake between the access point and the client. This could be done by breaking the signal and capturing the ensuing reconnect. AES fixed this problem.
I think this may have been if you wanted to actually decrypt the data between the two though and that meant having the WPA key, which these guys have broken. Before this, as the article states, the only thing was a dictionary attack. So, I wonder if you combine the two, can you intercept data and successfully look at it.
Re: Huh....So for data.... (Score:5, Informative)
TKIP is a nasty hack, actually. It's designed to work with chipsets with onboard WEP encryption/decryption (it re-uses the RC4 hardware), and its security was always quite low (which is why it always re-keys itself every hour by default). It has mechanisms to detect and prevent replay attacks, as well as message integrity checks in case someone manages to break through the protections. Its final defense is a complete shut down of the network and a re-keying of everyone if it detects 2 or 3 MIC failures (the network literally shuts down for a minute).
These days, modern chipsets can do AES in hardware, and there's no reason to use TKIP anymore except in legacy applications (which still exist - though modern software can often just offload the AES in software).
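For anyone who wants to act on the comment above and find where TKIP is still being offered, here is an added example, not hostapd's own code or anything from the thread, that reads a hostapd.conf and reports every way a BSS can end up negotiating TKIP. It relies on three real hostapd keys: `wpa` is a bit field (1 = WPA, 2 = WPA2/RSN, 3 = both), `wpa_pairwise` lists the pairwise ciphers offered to WPA clients, and `rsn_pairwise` lists those offered to WPA2 clients, falling back to `wpa_pairwise` when unset. The two configurations are constructed for the example (the passphrase is a placeholder), and the audit assumes TKIP when `wpa_pairwise` is absent, which is the conservative reading rather than a documented default.

```python
"""Added example: flag TKIP exposure in a hostapd.conf (weak config beside the fixed one)."""

# Constructed sample configurations for the example.
WEAK_CONF = """\
interface=wlan0
ssid=legacy-net
# wpa is a bit field: 1 = WPA (TKIP era), 2 = WPA2/RSN, 3 = both
wpa=3
wpa_key_mgmt=WPA-PSK
wpa_passphrase=correct horse battery staple
wpa_pairwise=TKIP CCMP
"""

FIXED_CONF = """\
interface=wlan0
ssid=legacy-net
wpa=2
wpa_key_mgmt=WPA-PSK
wpa_passphrase=correct horse battery staple
rsn_pairwise=CCMP
"""


def parse_hostapd(text: str) -> dict:
    """Minimal hostapd.conf reader: one key=value per line, '#' lines are comments,
    a later duplicate key overrides an earlier one."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        conf[key.strip()] = value.strip()
    return conf


def audit_tkip(conf: dict) -> list:
    """Return the reasons this BSS can end up running TKIP/RC4; an empty list means clean."""
    findings = []
    wpa = int(conf.get("wpa", "0"))
    if wpa == 0:
        findings.append("wpa=0: no WPA at all (open or WEP)")
        return findings
    # Assumption for this audit: an absent wpa_pairwise is treated as TKIP (conservative).
    wpa_pairwise = conf.get("wpa_pairwise", "TKIP").split()
    # hostapd uses wpa_pairwise for WPA2 clients too when rsn_pairwise is not set.
    rsn_pairwise = conf.get("rsn_pairwise", " ".join(wpa_pairwise)).split()

    offered = []
    if wpa & 1:
        findings.append("wpa bit 1 set: WPA (version 1) is still offered to clients")
        offered += wpa_pairwise
    if wpa & 2:
        offered += rsn_pairwise
    if "TKIP" in offered:
        # The group (broadcast) cipher is chosen as the weakest offered pairwise
        # cipher, so offering TKIP anywhere makes the group key TKIP for everyone.
        findings.append("TKIP offered as pairwise cipher (%s); group key will be TKIP"
                        % " ".join(sorted(set(offered))))
    return findings


def audit_text(text: str) -> list:
    """Convenience wrapper: parse then audit."""
    return audit_tkip(parse_hostapd(text))


if __name__ == "__main__":
    for name, text in (("WEAK_CONF", WEAK_CONF), ("FIXED_CONF", FIXED_CONF)):
        print(name + ":", audit_text(text) or ["no TKIP exposure"])
```

The fixed configuration drops the `wpa` bit for WPA version 1 entirely and names CCMP explicitly in `rsn_pairwise`, so there is no cipher list left for a legacy client to negotiate down to. Leaving `wpa=3` "for compatibility" is the setting the audit is meant to catch: it keeps TKIP on the air for every client, not just the old ones.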
Re:'Story' tag (Score:5, Informative)
Valid question.
Well, if a story comes from the firehose, it gets tagged "story", because it became a story. And If it didn't, it gets tagged "!story".
Re:why not RSA? (Score:5, Informative)
Why don't wireless access points just use some well-known and tested public key encryption? What problem is being solved by WEP/WPA/etc which simply broadcasting (or for the paranoid: copying over with a USB key) a regular old public key wouldn't cover?
Why public key? What problem is solved by using public key schemes, with their corresponding complexity, poor performance and large, unwieldy keys?
The question you SHOULD ask is: "Why don't wireless access points just use some well-known and tested symmetric key encryption?"
The answer is: They do. The cipher is called AES and the WiFi security scheme that uses it is called WPA2. What's been broken is the stuff that's still based on the RC4 cipher, which has some well-known flaws.