Wi-Fi Protected Access (WPA) Cracked

Wi-Fi Protected Access (WPA) Cracked

Summary: Just when I thought that WiFi (802.11b/g) networks were getting safer, I get an email from a friend indicating that Wi-Fi Protected Access (WPA) has been cracked.

SHARE:
TOPICS: Wi-Fi
9

Just when I thought that WiFi (802.11b/g) networks were getting safer, I get an email from a friend indicating that Wi-Fi Protected Access (WPA) has been cracked. InformIt.com has posted the details:

In this two-part series, Seth Fogie examines the internals of WPA and demonstrates how this wireless protection method can be cracked with only four packets of data. Part 1 outlines the details of WPA as compared to WEP and builds the foundation for Part 2, in which he describes in detail how WPA-PSK can be cracked.

The crack uses an application called coWPAtty:

coWPAtty is a brute-force cracking tool, which means that it systematically attempts to crack the WPA-PSK by testing numerous passwords, in order, one at a time.

Luckily Apple supports WPA2 on all AirPort Extreme-enabled Macs, the AirPort Extreme Base Station and the AirPort Express. In order to use WPA2 you must install the Airport firmware update (AirPort 4.2) released July 14, 2005.

If you're using an Apple Airport access point use WPA2 encryption. WPA2 uses AES encryption (Advanced Encryption Standard). If you have an older access point use WPA and as last resort use WEP. Make sure you chose passwords that are mixed case, long and will hold up to a dictionary attack. You should also chose the highest available encryption option (232 ->104 -> 40). For more on securing your WiFi network read this article from the WiFi Alliance.

What's on your network? 

Topic: Wi-Fi

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

9 comments
Log in or register to join the discussion
  • Real danger, mitigating factors and solution.

    The WPA algorithm itself is not flaw. The article states that the weakness comes from the way it is initialized on preconfigured Wifi access points, because the WPA key is generated from the 48-bit IEEE MAC address, which is all but not random:
    remember that IEEE MAC addresses are assigned to OEM manufacturers that pay an allocation fee to get new blocks. And not all 48 bits are assignable (the first few bits have special function), so that the same vendor will produce interfaces that have at most 24 bits of randomness in the IEEE mac address.
    Most often, these bits are not really random, because manufacturers assign them with a simple counter on the production chain.
    And sometimes, counters are recycled before the manufacturer gets new MAC address blocks from IEEE (or if the producer has forgotten to pay for new allocations).

    If someone knows the manufacturer and model of the access point, or has some idea about its date of manufacture which could be easy to determine within a 6 months range, with very few effective manfufacturers in that period, then it's easy to simply look at the model in the Wifi area, when it has recently been equiped with a new device, and then buy a similar equipment.

    There are very good chances that you'll get a model in the same range as the model used on the network you want to spy. And some searches on Internet may reveal a database of known MAC addresses using that same equipment, especially for popular models from wellknown trademarks (such as the SOHO models sold in retail street stores or supermarkets, or distributed by ISPs with their router-modem).

    Note that you don't even need to buy the equipement to get this information: it is often printed on a sticker with a barcode directly on the packaging box!

    With that information, it's easy to perfrom a small dictionnary attack exploiting this known highly probable range of IEEE mac addresses, and so to compute the PSK (Public Shared Key) used to initialize and "protect" the WPA product out of the box, because most users won't ever change what appears to them to be a complex and lengthy hexadecimal string, which is painfull to enter and impossible to remember in memory (meaning that customers will prefer keeping the key printed on the box).

    Note that the apparent complexity of the key displayed on the packaging box (and also displayed on a sticker often fixed on the rear of the box, for ease of use by users), makes that customers will rarely change the default password or passphrase (often "0000" or "1234") used by such devices.

    It may be difficult from the outdoor to get access to the sticker, so customers feel unreasonably safe. Sometimes, the only thing that the interface installation wizard will ask is to set the password or passphrase, but its length is often very short, because customers take an example on the default simple 4-digits password, and tend to use similar passwords.

    So the devices's unique key used to initialize the WPA algorithm is weak, as well as the password. Remember that the strength of a system is only the result of the sum of the strength of its independant components. But experience shows that one of the component is never changed (the key) and that changes to the default password are minor.

    So the PSK initialization system does not solve the problem correctly. Actually, the vendors should NOT initializethe PSK based on the weak 48-bit IEEE mac address, but should FULLY initialize it using instead a strong random source.

    Consequence: for WPA users, get access to a strong randomnumber generator, and generate a new key. Print it and keep it in a safe place. Then configure your WPA device explicitly with that key.

    Also change and personalize your SSID for network announcement (most often the default SSID is related to the vendor or device model, or contains little randomness, based on the vendor name and the last few digits of the MAC address displayed on the sticker fixed on the device). Keep it in a safe place too along with the WPA key. Once you know it, remove the SSID public announcement. Your WPA device should not be visible directly using a basic Wifi detector or monitoring software: to connect ot the device you won't be able to select it from the discovered list, but you'll have to enter that name explicitly with your knowledge.
    This way, you WPA device needs not be changed, but the default PSK will no longer be used, and you'll get the full strength of the WPA encryption/authentication algorithm.

    Also prefer Wifi devices that allow forbiddening new device binding when not authorized. Also avoid exposing the Wifi device to public eyes. Some models do have a small button that enables binding temporarily for a maximum of 10 minutes, during which you can connect other authorized device. (if the button is absent, you may find this functionality in the firmware interface by connecting to the configuration web interface, where authorized MAC addresses are listed along with the status of their binding; don't forget to save this list in the device's NVRAM by applying ans saving its configuration).

    If possible, remove the sticker from the device, or make it completely unreadable.
    PhilippeV
  • WPA Still secure

    Every encryption known to man is subject to brute force attacks,
    given enough time and a simple enough password. Use a true
    random password generator like the one at grc.com/passwords
    and you'll make it difficult enough that only a truly determined
    cracker with a lot of free time on their hands would bother. Non-
    story...
    MajorHavoc
    • Agreed

      For the average home user, this won't be an issue unless there are some computer enthusiasts living next door that like to do trial and error on their neighbor's security. Keep your friends close and know thy neighbor ;)

      But once your security of the wireless has been cracked, the security of the computer is truly what is now securing the network. Not the wireless connection. That just keeps the wireless air from being used for free.

      Everything will have flaws and with the amount of users vs programmers available to fix applications, we will always see a flaws and abuse of the flaws.

      Rotating the Wireless password can also be done to make it more work for those neighbors that have inquiring minds.

      HI MJ btw =)
      Revster
  • The ultimate security flaw: the user.

    No matter what security measures are put into a wireless setup, the users will always be the main factor in security. That's because, all too often, they don't use those security setups.

    I have a wireless setup in my house and I have noticed that, whenever I forget to turn on my WAP, there are 2-3 other WAPs that I can connect to because they are UNSECURE (Don't try this at home!). No encryption, no passwords needed, just connect and surf buttnaked and all. They just leave the default settings (off) and it's all up for grabs.

    Makes me wonder if people need to be trained to use security before they are allowed to buy computers and wi-fi.
    Mr. Roboto
    • Sometimes Intentional

      That presumes that the users leave their networks open because
      they just don't know any better. That's probably true in the
      majority of cases, but I and others that I know do it intentionally.
      While I am out of town I depend on either the generosity (or
      naivety) of others to let me connect. Also when I am out of
      town, and ONLY when I am out of town, I leave my access point
      unprotected for others to use. My router log shows occasional
      uses. Perhaps I helped someone like me. There is not much
      damage that can be done if devices on my network are down.

      I wonder how often something malicious is tried. Probably not
      as often as some of the scare stories imply. It probably also
      depends a lot on location.
      CPDay
  • This isn't news, and it's not a flaw.

    The tool you mention is 1 year old. The research paper describing this attack is 3. It's not actually a flaw; it is a known limitation of a pre-shared key protocol that was designed to be very computationally expensive for this sort of dictionary attack.

    More details at:
    http://blogs.zdnet.com/Ou/?p=127
    george_ou
  • WPA2 is no different

    "Luckily Apple supports WPA2 on all AirPort Extreme-enabled Macs, the AirPort Extreme Base Station and the AirPort Express. In order to use WPA2 you must install the Airport firmware update (AirPort 4.2) released July 14, 2005"

    This implies that WPA2 is different from WPA. Fact of the matter is, the use of AES encryption over the older TKIP encryption has nothing do with the WPA-PSK brute force dictionary attack.

    More details at:
    http://blogs.zdnet.com/Ou/?p=127
    george_ou
  • It's STILL Secure!!!

    IF the user uses a weak password, this kind of attack is possible. If they are smart and use a 40+ character random password, it would take 1000+ LIFETIMES on a SUPERCOMPUTER to crack. Of course most people use:
    1. Unsecured: just plain pathetic
    2. WEP: A bit better, but still a bad choice
    One could likely crack 75% of networks simply because they are unsecured or use WEP.
    jonmcm@...
  • cnfnrql 22 yhm

    fxpcda,kqyotvyb15, jimis.
    bdfwekrwe4601-24379010204477498790379226007415