Researchers crack WPA Wi-Fi encryption in 60 seconds

Computer scientists in Japan have developed a way to break the WPA encryption system used in wireless routers in just one minute.

The attack, which reads encrypted traffic sent between computers and certain types of routers that use the WPA (Wi-Fi Protected Access) encryption system, was devised by Toshihiro Ohigashi of Hiroshima University and Masakatu Morii of Kobe University.

The scientists plan to discuss further details at a technical conference on Sept. 25 in Hiroshima.

Security researchers first showed how WPA could be broken last November, but the Japanese researchers have accelerated theory into practice, taking the proven 15-minute "Beck-Tews method" developed by researchers Martin Beck and Erik Tews and speeding it up to just 60 seconds.

Both attacks work only on WPA systems that use the Temporal Key Integrity Protocol (TKIP) algorithm, and do not work on newer WPA 2 devices or on WPA systems that use the stronger Advanced Encryption Standard, or AES, algorithm.

According to their report, the limits of the man-in-the-middle attack are fairly restrictive. But the development should spark users to drop WPA with TKIP as a secure method of protection.

Securing routers has been a long and bumpy road. The WEP (Wired Equivalent Privacy) system introduced in 1997 is now considered to be insecure by security experts. Then came WPA with TKIP, followed by WPA 2.

But users have been slow to upgrade to the latest secure methods.


Andrew Nusca

About Andrew Nusca

Andrew Nusca is a former writer-editor for ZDNet and contributor to CNET. During his tenure, he was the editor of SmartPlanet, ZDNet's sister site about innovation.

  • That's why WPA2 is the only way to go..

    WPA is nice for backwards compatibility - esp. those that can't talk WPA2 (AES-CCMP) but this is all the more reason to remove these devices. I personally use WPA2-ENT [yes at home] which I understand is not the norm :) but I NEVER worry about the security of my wireless network as it carries VoIP and other "sensitive" data. Wireless networks need to be properly secured and firewalled from the main LAN to keep them and the rest of the network safe.

    WPA2 :) WEP or WPA :(
    • Not exactly, you could be running WPA2-TKIP and WPA-AES

      Not exactly, you could be running WPA2-TKIP and
      WPA-AES. That means in that particular
      instance, the WPA deployment would be more
      secure than WPA2.

      Remember that WPA and WPA2 are merely marketing

      This attack definitely shows that the TKIP
      Band-Aid is all but completely broken, but it's
      not a 1 minutes attack by any stretch of the
      • I referenced...

        ...your excellent technical advisory based on rolling out SSC's for PEAP (under RADIUS) - which you wrote for TechRepublic last year. I know, I know, that was 'a long time ago' .. and you wrote *a lot* of articles last year. That said, I'm still genuinely grateful for the excellent PEAP implementation guide that you published, it proved invaluable in trouble-shooting across planning, design, testing and re-testing phases.

        Many thanks are due.

        At any rate, I was kicking myself late last year, as my final documented recommendations included using either WPA-TKIP or WPA-AES to secure a WLAN. It was within a week of submitting the report that I read the news flash about *-TKIP being broken - at the time the reported attack vector was still only theoretical.

        I certainly hope that the client org' will have *since* implemented WPA-AES - although that might be a 'stretch' since the contracted hardware vendor was talking up a storm over a WPA-TKIP based WLAN.

        Again, thanks for the great technical writing, you do credit to CNet/TechRepublic/ZDNet [ al]. I only wish I could say that of some of the staffers here at ZDNet. But that, as the saying goes, "is an entirely different story".

      • WPA-TKIP or WPA2-TKIP

        basically the same thing.

        I still don't see how 60 seconds is possible, even with the best of technology. We were talking about months to cut this down last time and that was with GPUs. While I admin, I have built a system that would be ideal for this, I don't see the point of dedicating it to breaking a key in a month.

        To even add more fuel to the fire, last time to break the key took brute force and the length was a determining factor. Is that still relevant?
  • My situation

    I use WPA/WPA2 mixed mode. All of my devices use WPA2, but I have some neighbors who I allow on my WLAN also. Just thinking of it, I think both have XP SP3 now, so I just switched it to WPA2 only while writing this.

    My old (3,5 years) Dell Inspiron 2200 with XP SP2 has the XP SP2 WPA2 update from Microsoft. There, the problem is that when I install SP3, no SSIDs are found (latest drivers, tried everything) - thus, uninstalled SP3. It's only on once a month on average, so that isn't that much of a problem.
    Daniel Breslauer
  • Let's use Apple logic here

    Is it in the wild? No? Then it doesn't exist. I encourage all of my Apple loving friends to keep using WPA until they personally know someone who has had their WPA router hacked and has actually suffered some negative consequence from it.

    Until then, this is just crazy scientific gobbledygook!
    • WPA cracks are in the wild, this is just expediting the speed at

      which someone could crack in. Using an unsecure wireless standard such as WEP or TKIP is wreckless and unsafe. It is a fair bet that the bulk of users that use PSK's use the same password to log on to their computer, into their router, for bank accounts and e-mails. So if I am able to fish out the password for a router using these techniques, I could potentially empty their bank accounts, and send hate mail to the President or Members of Congress in their name, and let them take the rap, and "Gone in 60 Seconds."

      In this case their best option is to move to WPA2 with AES encryption, or run their Access point wide open.
      • I think you missed the blinding sarcasm there... n/t

        • That's sarcasm?

          Or just another excuse to troll...

          This discussion has nothing to do with Apple or Windoze or any other OS, but how WPA can be cracked.

          I suspect WPA2 with AES will be the next victim.
          Wintel BSOD
          • LOL!!!

            "Or just another excuse to troll..."

            Says the person who can't spell Windows!!
          • Windoze?

            Hey, isn't that the OS that makes me fall asleep sitting in front of it?

            Except when the virus alerts go off...

            lol... :D
            Wintel BSOD
      • Not so bad

        I'm thinking wreckless would be good, whereas reckless would be bad. Sorry, I'm a language wonk.

        I'm going home to make sure I'm not using TKIP. However, since my bank account is already empty, that wouldn't be a problem. And I haven't had time to send hate mail to the president and congress, so that part would be welcome - at least until they succeed in outlawing free speech. If I see you cruising my neighborhood with a directional antenna, you'll probably get a load of buckshot, unless they succeed in outlawing gun ownership, too.
        • Just checkin'

          So...are you okay with me cruising around with an omni? Also, you're okay with discharging firearms on public lands o_O?
    • Ignore the Microsoft troll. [nt]

    • obsess

      v. intr. To have the mind excessively preoccupied with a single emotion
      or topic.
  • Should make note that Microsoft's Xbox 360

    with the wireless adapter only supports WPA 1. Here were their responses.

    "Thank you for contacting Microsoft online support for XBOX. I am Naya and I will be helping you today with this issue.

    I understand that you are inquiring if the WPA 2 security standard is supported by Xbox 360 and the wireless networking adapter. We appreciate the opportunity to assist you.

    Unfortunately, the Xbox console does not support WPA 2 security standard. Typically, you can connect to the wireless access point through a Web browser. Because the default settings can vary for different routers, you should see your wireless access point, gateway manual, or contact the manufacturer for more help.

    To establish a successful connection, you must obtain the following three pieces of information from the wireless access point:

    . The Network Name (SSID)
    . The Security Type (either WEP 64 or 128-bit or WPA 1)
    . The Security Key"


    "This is Hazel, with Microsoft XBOX Support services.

    We appreciate your time writing us regarding your concern, and as I understand, you have well-founded concerns on the security of your network.

    Please accept our apologies for the inconvenience that may have caused you."

    Oh if you are running an xbox 360 and want WPA2 support you will need to buy a 3rd party wireless gaming adapter.

    And before a smart comment about why someone would want to use wireless over wire. My internet comes in the upstairs of my apartment, and the living room and entertainment area is downstairs.
    • I thought XBox didn't even support WPA!!

      "Oh if you are running an xbox 360 and want WPA2 support you will need to buy a 3rd party wireless gaming adapter."

      I bought a DLink wireless bridge which not only gives you WPA2, it also gives you Wireless N. The XBox plugs in wired and the bridge communicates with your router wirelessly. For me, this has worked out really well since my TV, my Blu-Ray, and my MediaPC all have wired NICs but no wireless. They all plug into the bridge and all get WPA2 wireless N connectivity for $99!
      • The xbox does support WPA1 standard

        but again I think that is a B/G connection. And yes a WGA or Bridge as you described function essentially the same way. Also adding the benefit of N speeds if you have a capable router.
    • How about a smart comment...

      ... on why the heck did you buy a MS console? Has yours failed yet? I don't own one, but everyone I know who does, has experienced a failure. My PS3 continues to work... Oh - and does WPA2. ;)
      • That's the important thing about a console

        If it supports WPA2 then nothing else matters. :)

        Ever wonder why people keep on buying XBoxes after they fail? It isn't exactly like no one has heard of the PS3.