No longer safe: WPA encryption cracked in 12 to 15 minutes

No longer safe: WPA encryption cracked in 12 to 15 minutes

Summary: It was only a matter of time.Sure, we can all expect that some hacker with enough time and processing power would eventually crack a WPA-protected wireless network to decrypt someone's precious data.

SHARE:
TOPICS: Wi-Fi, Networking
8

Wi-Fi ZoneIt was only a matter of time.

Sure, we can all expect that some hacker with enough time and processing power would eventually crack a WPA-protected wireless network to decrypt someone's precious data.

But in 15 minutes?

Yes sir, according to Wi-Fi wizard Erik Tews, who is expected to give a presentation next week at the PacSec Conference in Tokyo describing his "mathematical breakthrough" that he says enables him to crack WPA-TKIP in just 12 to 15 minutes.

PC World has the scoop:

The work of Tews and Beck does not involve a dictionary attack, however.

To pull off their trick, the researchers first discovered a way to trick a WPA router into sending them large amounts of data. This makes cracking the key easier, but this technique is also combined with a "mathematical breakthrough," that lets them crack WPA much more quickly than any previous attempt, Ruiu said.

Tews is planning to publish the cryptographic work in an academic journal in the coming months, Ruiu said. Some of the code used in the attack was quietly added to Beck's Aircrack-ng Wi-Fi encryption hacking tool two weeks ago, he added.

Uh oh.

Of course, there are limitations: Apparently, the data sent from a connected device to the compromised router is still safe. But anything headed down the information highway in the opposite direction? Wide open.

So who is this Tews guy, anyway? He's the guy who cracked WEP in under a minute last year (and, in a bit of irony, advised people to switch to WPA as a result). The answer, for now, is to switch to WPA2.

For now.

Topics: Wi-Fi, Networking

Andrew Nusca

About Andrew Nusca

Andrew Nusca is a former writer-editor for ZDNet and contributor to CNET. During his tenure, he was the editor of SmartPlanet, ZDNet's sister site about innovation.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

8 comments
Log in or register to join the discussion
  • I've said it before, I'll say it again...

    Wireless and Retail do not mix!

    http://talkback.zdnet.com/5208-12691-0.html?forumID=1&threadID=45392&messageID=838312&start=-9957
    SpikeyMike
  • The only secure networking choice...

    This is why my office uses cans connected to a string. We used to use paper airplanes, but haxorz started grabbing them in flight.
    endermc12
    • Telegraph, telephone, television, tellawoman!

      The string is the weak link. Anyone with a trained cat can have it casually rub against the string and "meow-code" the information to its owner!

      I personally do not trust wireless security without a backup VPN or other method. Someone might discover my true identity?
      kd5auq
  • WPA is not cracked - only TKIP is, no access to data..

    Here is why :
    - Attack does not give you access to the data transmited
    - Why? Only the TKIP key is being recovered

    Temporal Key Integrity Protocol (TKIP) is nothing else then our good old friend RC4 (same as used in WEP, yep) with the difference that the KEY changes every 10KB packet,
    hence the name (Temporal). Another change was to add the MAC into the calculation making it basicaly a salt that results in different key set with the same IV (Initialisation Vector). This also reduces the possibility of a replay attack.

    What McMillan basicaly says is that they found a way to :
    - have the AP generate LOT of traffic, meaning lot of encrypted datapackets you can
    then use a new way to bruteforce TKIP


    I can't say more until the airodump-ng SVN repositry is reachable, part of the code is already in there.
    thierryzoller
  • ahhh stop being soo sensational. Your topic header is cherry picking.

    They cant send data, nore can they get on the network to use it for their own purposes.

    encrypted traffic is also already protected. Maybe you could read parts of packets.. but that doesnt get you the whole file.. since the key changes all the time.
    Been_Done_Before
    • Yes, but any crack ....

      Any crack exposes a weakness that can be used for further penetration. Granted, this may be the camel getting his nose in the tent, but ...
      kd5auq
  • CRAcked

    (and, in a bit of irony, advised people to switch to WPA as a result). The answer, for now, is to switch to WPA2.)


    this is a set p they know this for years now,
    only it's gotten much worse than MS can fix.
    all plot and ploy by us gov.

    >>> blue tooth is the same way !
    not of this world
  • Do some fact checking ZDnet

    This issue was discounted by a recent "Security Now!" podcast segment (Ep 170 "WPA Crack" GRC.com)

    Steve Gibson categorically makes this article and others like it look like ignorant sensationalists.

    Thanks for the fact checking ZDnet, good scare tactics.
    Caedis