The ToyBox

Ricardo Bilton & Gloria Sin

No longer safe: WPA encryption cracked in 12 to 15 minutes

By | November 6, 2008, 8:44am PST


It was only a matter of time.

Sure, we can all expect that some hacker with enough time and processing power would eventually crack a WPA-protected wireless network to decrypt someone’s precious data.

But in 15 minutes?

Yes sir, according to Wi-Fi wizard Erik Tews, who is expected to give a presentation next week at the PacSec Conference in Tokyo describing his “mathematical breakthrough” that he says enables him to crack WPA-TKIP in just 12 to 15 minutes.

PC World has the scoop:

The work of Tews and Beck does not involve a dictionary attack, however.

To pull off their trick, the researchers first discovered a way to trick a WPA router into sending them large amounts of data. This makes cracking the key easier, but this technique is also combined with a “mathematical breakthrough,” that lets them crack WPA much more quickly than any previous attempt, Ruiu said.

Tews is planning to publish the cryptographic work in an academic journal in the coming months, Ruiu said. Some of the code used in the attack was quietly added to Beck’s Aircrack-ng Wi-Fi encryption hacking tool two weeks ago, he added.

Uh oh.

Of course, there are limitations: Apparently, the data sent from a connected device to the compromised router is still safe. But anything headed down the information highway in the opposite direction? Wide open.

So who is this Tews guy, anyway? He’s the guy who cracked WEP in under a minute last year (and, in a bit of irony, advised people to switch to WPA as a result). The answer, for now, is to switch to WPA2.

For now.


Andrew J. Nusca is editor of ZDNet and SmartPlanet.


8 Comments


Do some fact checking ZDnet
Caedis 28th Nov 2008
This issue was discounted by a recent "Security Now!" podcast segment (Ep 170 "WPA Crack" GRC.com)

Steve Gibson categorically makes this article and others like it look like ignorant sensationalists.

Thanks for the fact checking ZDnet, good scare tactics.
0 Votes
The only secure networking choice...
endermc12 6th Nov 2008
This is why my office uses cans connected to a string. We used to use paper airplanes, but haxorz started grabbing them in flight.
0 Votes
The string is the weak link. Anyone with a trained cat can have it casually rub against the string and "meow-code" the information to its owner!

I personally do not trust wireless security without a backup VPN or other method. Someone might discover my true identity?
0 Votes
Here is why:
- Attack does not give you access to the data transmitted
- Why? Only the TKIP key is being recovered

Temporal Key Integrity Protocol (TKIP) is nothing else than our good old friend RC4 (same as used in WEP, yep) with the difference that the KEY changes every 10KB packet, hence the name (Temporal). Another change was to add the MAC into the calculation, making it basically a salt that results in a different key set with the same IV (Initialisation Vector). This also reduces the possibility of a replay attack.

What McMillan basically says is that they found a way to:
- have the AP generate a LOT of traffic, meaning a lot of encrypted data packets you can then use a new way to bruteforce TKIP

I can't say more until the airodump-ng SVN repository is reachable; part of the code is already in there.
They can't send data, nor can they get on the network to use it for their own purposes.

Encrypted traffic is also already protected. Maybe you could read parts of packets... but that doesn't get you the whole file, since the key changes all the time.
0 Votes
Yes, but any crack ....
kd5auq 6th Nov 2008
Any crack exposes a weakness that can be used for further penetration. Granted, this may be the camel getting his nose in the tent, but ...
0 Votes
CRAcked
not of this world 6th Nov 2008
(and, in a bit of irony, advised people to switch to WPA as a result). The answer, for now, is to switch to WPA2.)


This is a set up; they know this for years now,
only it's gotten much worse than MS can fix.
All plot and ploy by US gov.

>>> Bluetooth is the same way!
0 Votes