ie8 fix
madison

Zero Day

Ryan Naraine, Emil Protalinski and Dancho Danchev
Home / News & Blogs / Zero Day

WPA Wi-Fi encryption (partially) cracked

By | November 6, 2008, 10:16am PST

Summary: Rob McMillan at IDG has the scoop on new research that shows it’s possible to partially crack the WPA (Wi-Fi Protected Access) encryption standard. Full details of the theoretical attack is not yet known but McMillan reports that two security researchers — Erik Tews and Martin Beck — plan to discuss the issue at next week’s [...]

WPA Wi-Fi encryption (partially) crackedRob McMillan at IDG has the scoop on new research that shows it’s possible to partially crack the WPA (Wi-Fi Protected Access) encryption standard.

Full details of the theoretical attack is not yet known but McMillan reports that two security researchers — Erik Tews and Martin Beck — plan to discuss the issue at next week’s PacSec conference in Japan. “[They] will show how he was able to crack WPA encryption, in order to read data being sent from a router to a laptop computer. The attack could also be used to send bogus information to a client connected to the router.

From the report:

To do this, [the researchers] found a way to break the Temporal Key Integrity Protocol (TKIP) key, used by WPA, in a relatively short amount of time: 12 to 15 minutes, according to Dragos Ruiu, the PacSec conference’s organizer. They have not, however, managed to crack the encryption keys used to secure data that goes from the PC to the router in this particular attack.

To pull off their trick, the researchers first discovered a way to trick a WPA router into sending them large amounts of data. This makes cracking the key easier, but this technique is also combined with a “mathematical breakthrough,” that lets them crack WPA much more quickly than any previous attempt, Ruiu said.

Tews is planning to publish the cryptographic work in an academic journal in the coming months, Ruiu said. Some of the code used in the attack was quietly added to Beck’s Aircrack-ng Wi-Fi encryption hacking tool two weeks ago, he added.

It’s important to note, as Thierry Zoller explains, that this is only a partial crack that doesn’t give an attacker access to data transmited over a wireless network.

Kick off your day with ZDNet's daily e-mail newsletter. It's the freshest tech news and opinion, served hot. Get it.

More from “Zero Day”

Topics

WPA, Router, Encryption, Attack, Tews, Network Security, Wi-Fi, Wireless, Networking, Ryan Naraine

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues.

Disclosure

Ryan Naraine

The most important disclosure is of my employment with Kaspersky Lab as a member of the global research and analysis team. Kaspersky Lab is a global company specializing in anti-malware and secure content management technologies. I do not own stocks or other investments in any technology company.

Biography

Ryan Naraine

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content management technologies.

Prior to joining Kaspersky Lab, Ryan was Editor-at-Large/Security at eWEEK, leading the magazine's and Web site's coverage of Internet and computer security issues and managing the popular SecurityWatch blog, covering the daily threats, vulnerabilities and IT security technologies. He also covered IT security, hacker attacks and secure content management topics for Jupiter Media's internetnetnews.com.

Ryan can be reached at naraine SHIFT 2 gmail.com. For daily updates on Ryan's activities, follow him on Twitter.

Related Discussions on TechRepublic

Did you know you can take part in these discussions with your ZDNet membership?
Ask a Question Start a Discussion
10
Comments
Add Your Opinion

Join the conversation!

Just In

RE: WPA Wi-Fi encryption (partially) cracked
lovedong 13th Sep
You're very welcome happy replica watches
View in thread
0 Votes
+ -
What about CCMP?
Michael Kelly 6th Nov 2008
WPA2 is unaffected, right?
0 Votes
+ -
WPA is unaffected if you're using AES mode
georgeou 6th Nov 2008
See NuCrash's posted right below this thread where he quoted my explanation.
0 Votes
+ -
RE: WPA Wi-Fi encryption (partially) cracked
lovedong 13th Sep
You're very welcome happy replica watches
0 Votes
+ -
TKIP Bad, AES good
nucrash 6th Nov 2008
Credit to George Ou for explaining this to me:

"They significantly weakened TKIP encryption further, so this is different from the previous story which was a brute force dictionary attack on the Pre-Shared Key. This however does not necessarily break WPA, since AES is a feature in most WPA certified devices. Only the earlier WPA certified devices going back before 2004 were unable to use AES.

TKIP was always known to be a stopgap measure in the encryption community and this research simply proved that prediction right. My worry is that people have the knee jerk reaction that all encryption, including 3DES or AES, is this weak when it simply isn't true. The lesson here is that if you used strong encryption to begin with, you wouldn't have these problems. Now if you're running TKIP, it's time you upgraded to AES encryption. WPA certified devices most likely have AES capability while WPA2 certified capability guarantees that capability."

Don't get worried if you have AES, but if you use TKIP, you might consider upgrading soon.
0 Votes
+ -
RE: WPA Wi-Fi encryption (partially) cracked
drew1950 7th Nov 2008
What about WEP? it this more secure than WPA?
0 Votes
+ -
No
georgeou 7th Nov 2008
WEP is dead
http://blogs.zdnet.com/Ou/?p=464

WPA as a whole isn't cracked. Only a certain encryption mode TKIP is partially cracked which means you should no longer use TKIP. Most WPA devices support AES encryption which is designed to hold up for many decades or longer.

WPA2 devices are all certified to have AES capability.
0 Votes
+ -
Is there a alternative if they do crack this all the way.
phatkat 7th Nov 2008
WPA was available when WEP was started to be cracked so I'm was checking if there is a "next generation" wireless security method to supersede WPA if needed.
I know that AES with WPA is secure for now but any form of wireless broadcast is vulnerable and over time people will eventually crack this also.
If they are started, not yet fully cracked, WPA we better have a some form of new security for wireless connections or we will be really in trouble.
0 Votes
+ -
My take ...
thx-1138_@... 7th Nov 2008
... on the matter is this - if i am reading correctly - and without any further insight:

I beleive the synopsis so far is that WPA using dynamic temporal keys is extremely vulnerable to the new attack vector.

The first thing you must grasp is that WPA is the 'encryption protocol' and TKIP is the associated 'manner of securing or encapsulating the data' you wish to protect under WPA (well at least until now).

Now, *IF* you are using, for arguments sake, WPA with AES or 3DES in place of TKIP, i believe that the vulnerability is nullified.

Essentially WPA needs uses 'cipher modes' to operate in - which might be anyone of TKIP, triple-DES or AES. I'm not about to get into the repercussions for WPA2 simply because it hasn't even been mentioned in the article.

I hope that firstly i'm correct in my conclusions, and secondly that my explanation answered (for the most part) what you wanted to know in regards WPA, TKIP, etc.

CONCLUSION: if you are using WPA & dynamic temporal keys (TKIP), switch to WPA with triple-DES (3DES) or better still WPA with AES (if your wireless h/w and peripherals support it - that is, AES).

Sincerely
0 Votes
+ -
RE: WPA Wi-Fi encryption (partially) cracked
jc666777@... 25th Nov 2008
Josh Wright has a fantastic write-up at http://www.willhackforsushi.com/presentations/TKIP_Attack_Webcast_2008-11-17.pdf

slide 26 contains all the wifi manufacturers responses to the hack.
0 Votes
+ -
RE: WPA Wi-Fi encryption (partially) cracked
birumut Updated - 5th May 2011
Well done! Thank you very much for professional templates and community edition
seslisohbet seslichat

Join the conversation!

Formatting +
BB Codes - Note: HTML is not supported in forums
  • [b] Bold [/b]
  • [i] Italic [/i]
  • [u] Underline [/u]
  • [s] Strikethrough [/s]
  • [q] "Quote" [/q]
  • [ol][*] 1. Ordered List [/ol]
  • [ul][*] · Unordered List [/ul]
  • [pre] Preformat [/pre]
  • [quote] "Blockquote" [/quote]
ie8 fix
Click Here
ie8 fix

The best of ZDNet, delivered

ZDNet Newsletters

Get the best of ZDNet delivered straight to your inbox

Facebook Activity

Blog Roll

Blog Archive

White Papers, Webcasts, & Resources
ie8 fix
ie8 fix