toggle

AAPL Stock: 113.29 ( + 0.37 )

Printed from http://www.macnn.com

Crack breaks WPA-encrypted Wi-Fi in 1 minute

updated 10:45 pm EDT, Thu August 27, 2009

WPA 1 Minute Hack

Japanese researchers today revealed that they have developed a crack that can break WPA (Wireless Protected Access) encryption on a Wi-Fi network within a minute. Kobe University's Masakatu Morii and Hiroshima University's Toshihiro Ohigashi together developed a practical attack that exploits a vulnerability in the Temporal Key Integrity Protocol, or TKIP, that underlines WPA. While not providing full details of the attack for security reasons, the new approach is much faster than a previous technique that took between 12 and 15 minutes to expose the network.

The creators of the technique stressed that it won't work with WPA2, the second-generation wireless encryption method that uses the much toucher Advanced Encryption Standard (AES) at its root. AES is frequently used for safeguarding permanent storage, such as on some flash drives and in Apple's FileVault for Mac OS X. Virtually all routers and end devices that support 802.11g and 802.11n also support WPA2.

More details should become public at a Hiroshima conference on September 25th. There are no indications of a likely patch for routers or other Wi-Fi equipment.




by MacNN Staff

POST TOOLS:

TAGS :

toggle

Comments

  1. lkrupp

    Joined: Dec 1969

    +1

    So what!

    Most users are clueless and don't have ANY wireless encryption turned on in the first place. It's too much for their feeble minds to comprehend.

  1. testudo

    Joined: Dec 1969

    -3

    Re: So what!

    Or they just don't believe it is important.

    My brother laughs at everyone in my family with encryption turned on, and he ran an ISP where he lived for a long time, and has been working in computers for 30 years.

  1. ggirton

    Joined: Dec 1969

    +2

    incorrectamundo!

    A walk through a surburban neighborhood with the dog, checking out the various home networks on my iPod Touch, reveals that most users DO have their encryption turned ON.

    In any urban area, ALL networks are typically encrypted, except of course for that of Testudo's wise old brother, who probably wonders from time to time why his network connection is slow, but then blames it on the cable company instead of the torrenting teenagers next door!

  1. elitree

    Joined: Dec 1969

    +4

    small correction

    When the original TKIP crack came out last year, there was a lot of misinformation about WPA being insecure and WPA2 being completely secure. This article seems to have carried forward some of the misinformation.

    The TKIP protocol, which makes use of an not-secure-enough RC4 cipher, was required for inclusion in all WPA-certified routers. WPA-certified routers did not require the CCMP protocol, which uses the secure AES cipher. However, many (most?) WPA routers still included the CCMP protocol, even though it wasn't required for WPA certification.

    WPA2 certification, on the other hand, requires routers to include the secure CCMP protocol, but most (all?) WPA2 routers still included the insecure TKIP protocol.

    In other words, both insecure TKIP and secure CCMP are available for use on most WPA and WPA2-certified routers out there, and it's up to the router users to ensure that CCMP, not TKIP, is in use as the encryption protocol. But WPA is no less secure than WPA2--it's TKIP that's less secure than CCMP.

    See Security Now! Episode 170 for more detailed info.... thanks!

Login Here

Not a member of the MacNN forums? Register now for free.

toggle

Network Headlines

Follow us on Facebook

toggle

Most Popular

Advertisement

Recent Reviews

ZTE Spro 2 Smart Projector

Home theaters are becoming more and more accessible these days, but maybe you've been a bit wary about buying a home projector. And h ...

MSI Geforce GTX 970 100ME

When Nvidia announced a new line of video cards in September 2014, many people thought things would continue to be business as usual i ...

Wren V5US Wireless Sound System

If you're a music fanatic, chances are you are, by extension, a bit fanatical about what you listen to your music on. If you're like ...

toggle

Most Commented