Researchers Crack WPA Encryption

Tom Corelis / DailyTech

November 07, 2008

‘No brute-force attacks needed. Bring your laptop, leave your dictionary.’

A pair of security researchers claim to have partially cracked WPA encryption, with an attack that takes around 15 minutes.

The technique relies on an undisclosed “mathematical breakthrough,” say researchers Erik Tews and Martin Beck, and breaks the Temporal Key Integrity Protocol (TKIP) key used to encrypt data between a wireless router and its clients. Currently, the attack works only one way: data traveling from the access point to its clients is vulnerable, while data traveling in the opposite direction is not.

The only other known, effective attack against a WPA connection relies on computationally intensive dictionary attacks, which involve testing wireless data against an extremely large list of educated guesses until one of them successfully decrypts the data in question.

Tews and Beck’s attack lowers these requirements considerably, allowing anyone with the knowledge, a laptop, and 15 minutes to listen in on one side of a WPA-encrypted wireless connection.

CNet notes that Tews is no stranger to wireless hacking, as he also co-authored a 2007 paper (PDF) discussing how to crack a 104-bit WEP key in 60 seconds.

The duo will reveal their findings at next week’s Tokyo, Japan-based PacSec security conference in a presentation titled, “Gone in 900 Seconds, Some Crypto Issues with WPA”.

According to PC World, some of the pair’s research is already appearing in wireless security tools.

Companies and internet users looking to keep their wireless networks secure will have to upgrade to WPA2 now, says PacSec organizer Dragos Ruiu.

“Everybody has been saying, ‘Go to WPA because WEP is broken,’” he said. “This is a break in WPA.”

While it is too early to tell how the WPA attack will be exploited by criminal organizations, many companies are still in the process of transitioning to WPA from weaker standards like WEP, or no encryption at all. Hackers hit one such company, T.J. Maxx, in January 2007 from secured WEP access points; they ran off with one of the largest credit-card hauls in history and caused more than $200 million in damage.

© 2008, DailyTech


  • Stnightmare

    6 months ago

    46 comments

    hahaha yea same here money i wish they would tell us

  • money

    11 months ago

    74 comments

    WPA is going down. I knew someone would do it. I wish this told us what tool they used, other than LC5

  • a__l__a__n

    12 months ago

    2 comments

    Moving to WPA2 is a non-sequitur. TKIP was broken, not WPA itself. You need to move from TKIP to AES. That may or may not require moving from WPA to WPA2 depending on your equipment. But if you move to WPA2, be sure you select AES and not TKIP as the encryption algorithm.

  • alexandersuarez

    about 1 year ago

    14 comments

    Great article, and I believe the WEP which is the most widely used has been hacked long ago, and infiltration, snooping and spying are occurring every day.

  • wifi_deadspot

    about 1 year ago

    8 comments

    Yup. I'm still using WEP because my laptop won't recognise WPA.
    The best I can do is filter the MAC addresses and use RADIUS whenever possible.
    Until the dust has settled on the 802.11n situation, I'm sticking with what works (universally supported)

  • sebastianwilliam

    about 1 year ago

    4 comments

    We could switch to WPA 2, but most laptops' wireless cards act screwy and can't find the network with WPA 2. In order to use WPA 2 you need to buy the most recent wireless cards or computers. You just can't go to Best Buy and say, "Wow, this is a fairly priced wireless card or router, even computer," which I guarantee anything from these guys isn't fairly priced, but expect it to work with WPA 2.

  • sebastianwilliam

    about 1 year ago

    4 comments

    I believe Erik hacked my wireless router. This past month I've seen that name in my netstat.

  • wifi_deadspot

    about 1 year ago

    8 comments

    Encryption has never been touted as 'secure forever'.
    It's just 'good enough' to stay ahead of the computational power that average consumers can afford to get hold of. Unfortunately, the hardware is catching up faster than newer encryption is being developed. It won't be long before the whole thing is rendered useless by quantum-computers. Fortunately, it's not affordable by most of the population just yet.

  • h08817

    about 1 year ago

    2 comments

    You should use CCMP encryption on your wireless network or use a RADIUS server for authentication.

  • BugaBoo

    about 1 year ago

    46 comments

    Repeat: "where thieves break in and steal." Still all too true!

  • alexkroeger

    about 1 year ago

    2 comments

    Still the most secure way of internet is wired. Wireless is still so new that there are many bugs to work out. As long as we are just transmitting data across open space there will always be people "listening" in.

  • Invictus

    about 1 year ago

    2 comments

    In the security world, no plan you will ever make survives contact with reality. Change your keys regularly, use hardware and software firewalls, and signal scramblers. You will still have problems in a wireless environment. What haven't they cracked yet? SRLB.

  • pratikf

    about 1 year ago

    26 comments

    It's just a matter of time before they crack WPA2 as well. The world is not so safe after all...

  • ZootsAlures

    about 1 year ago

    12 comments

    So, one direction has been hacked into. It's just a matter of time before full duplex hacking occurs. It's time to deploy dynamic encryption keys that will provide a buffer until the next technological leap becomes available. So long WPA

  • glenn_williams

    about 1 year ago

    4 comments

    The thing to remember is that encryption keys, like door locks, are really meant to keep honest people honest and slow down intruders. It may come to a point of changing those locks on a random basis to prevent intrusions.
