Return to VNFAWING.com Website Return to Main Forum Index PageReturn to VNFAWING.com Website
:: Forum Index :: Zephyrnet Forums :: FAQ :: Search :: Memberlist :: Groups :: Register :: Profile :: Log in to check your private messages :: Log in ::
Once thought safe, WPA Wi-Fi encryption is cracked

 
Post new topic   Reply to topic    VNFAWING.com Forum Index -> Internet, Hardware, Networking, & Security Forum
View previous topic :: View next topic  
Author Message
CAG Hotshot

Admin, Site Owner, Developer, Webmaster
 

Rank: Admin, Site Owner, Developer, Webmaster

Joined: 12 Aug 2004

Posts: 16082

Post subject: Once thought safe, WPA Wi-Fi encryption is cracked Reply with quote
Quote:
Once thought safe, WPA Wi-Fi encryption is cracked

November 6, 2008 (IDG News Service) Security researchers say they've developed a way to partially crack the Wi-Fi Protected Access (WPA) encryption standard used to protect data on many wireless networks.

The attack, described as the first practical attack on WPA, will be discussed at the PacSec conference in Tokyo next week. There, researcher Erik Tews will show how he was able to crack WPA encryption and read data being sent from a router to a laptop computer. The attack could also be used to send bogus information to a client connected to the router.

To do this, Tews and his co-researcher Martin Beck found a way to break the Temporal Key Integrity Protocol (TKIP) key, used by WPA, in a relatively short amount of time: 12 to 15 minutes, according to Dragos Ruiu, the PacSec conference's organizer.

They have not, however, managed to crack the encryption keys used to secure data that goes from the PC to the router in this particular attack

Security experts had known that TKIP could be cracked using what's known as a dictionary attack. Using massive computational resources, the attacker essentially cracks the encryption by making an extremely large number of educated guesses as to what key is being used to secure the wireless data.

The work of Tews and Beck does not involve a dictionary attack, however.

To pull off their trick, the researchers first discovered a way to trick a WPA router into sending them large amounts of data. This makes cracking the key easier, but this technique is also combined with a "mathematical breakthrough," that lets them crack WPA much more quickly than any previous attempt, Ruiu said.

Tews is planning to publish the cryptographic work in an academic journal in the coming months, Ruiu said. Some of the code used in the attack was quietly added to Beck's Aircrack-ng Wi-Fi encryption hacking tool two weeks ago, he added.

WPA is widely used on today's Wi-Fi networks and is considered a better alternative to the original WEP (Wired Equivalent Privacy) standard, which was developed in the late 1990s. Soon after the development of WEP, however, hackers found a way to break its encryption, and it is now considered insecure by most security professionals. Store chain T.J. Maxx was in the process of upgrading from WEP to WPA encryption when it experienced one of the most widely publicized data breaches in U.S. history, in which hundreds of millions of credit card numbers were stolen over a two-year period.

A new wireless standard known as WPA2 is considered safe from the attack developed by Tews and Beck, but many WPA2 routers also support WPA.

"Everybody has been saying, 'Go to WPA because WEP is broken,'" Ruiu said. "This is a break in WPA."

If WPA is significantly compromised, it would be a big blow for enterprise customers who have been increasingly adopting it, said Sri Sundaralingam, vice president of product management at wireless network security vendor AirTight Networks. Although customers can adopt Wi-Fi technology such as WPA2 or virtual private network software that will protect them from this attack, there are still may devices that connect to the network using WPA, or even the thoroughly cracked WEP standard, he said.

Ruiu expects a lot more WPA research to follow this work. "It's just the starting point," he said. "Erik and Martin have just opened the box on a whole new hacker playground."

_________________
CAG Hotshot
"FAF Shape Meister"
Forum Administrator
FAF/FA-2 Design team
TSH Member/Developer

-------- __@
----- _`\<,_
---- (*)/ (*)
~~~~~~~~~~~~~~~~



PostThu Nov 6 14:37:56 2008
View user's profile Send private message Send e-mail Visit poster's website
Display posts from previous:   
Post new topic   Reply to topic    VNFAWING.com Forum Index -> Internet, Hardware, Networking, & Security Forum All times are GMT - 6 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics
You cannot reply to topics
You cannot edit your posts
You cannot delete your posts
You cannot vote in polls




VNFAWING Flight Sim Development Center,Inc. - VNFAWING.comô

Powered by phpBB © 2001 - phpBB Group