Posted on 08/28/2009 10:58:25 AM PDT by ShadowAce
Computer scientists in Japan say they've developed a way to break the WPA encryption system used in wireless routers in about one minute.
The attack gives hackers a way to read encrypted traffic sent between computers and certain types of routers that use the WPA (Wi-Fi Protected Access) encryption system. The attack was developed by Toshihiro Ohigashi of Hiroshima University and Masakatu Morii of Kobe University, who plan to discuss further details at a technical conference set for Sept. 25 in Hiroshima.
Last November, security researchers first showed how WPA could be broken, but the Japanese researchers have taken the attack to a new level, according to Dragos Ruiu, organizer of the PacSec security conference where the first WPA hack was demonstrated. "They took this stuff which was fairly theoretical and they've made it much more practical," he said.
They Japanese researchers discuss their attack in a paper presented at the Joint Workshop on Information Security, held in Kaohsiung, Taiwan earlier this month.
The earlier attack, developed by researchers Martin Beck and Erik Tews, worked on a smaller range of WPA devices and took between 12 and 15 minutes to work. Both attacks work only on WPA systems that use the Temporal Key Integrity Protocol (TKIP) algorithm. They do not work on newer WPA 2 devices or on WPA systems that use the stronger Advanced Encryption Standard (AES) algorithm.
The encryption systems used by wireless routers have a long history of security problems. The Wired Equivalent Privacy (WEP) system, introduced in 1997, was cracked just a few years later and is now considered to be completely insecure by security experts.
WPA with TKIP "was developed as kind of an interim encryption method as Wi-Fi security was evolving several years ago," said Kelly Davis-Felner, marketing director with the Wi-Fi Alliance, the industry group that certifies Wi-Fi devices. People should now use WPA 2, she said.
Wi-Fi-certified products have had to support WPA 2 since March 2006. "There's certainly a decent amount of WPA with TKIP out in the installed base today, but a better alternative has been out for a long time," Davis-Felner said.
Enterprise Wi-Fi networks typically include security software that would detect the type of man-in-the-middle attack described by the Japanese researchers, said Robert Graham, CEO of Errata Security. But the development of the first really practical attack against WPA should give people a reason to dump WPA with TKIP, he said. "It's not as bad as WEP, but it's also certainly bad."
Users can change from TKIP to AES encryption using the administrative interface on many WPA routers.
“Don’t forget to change the default login and password for the WAP admin account.”
Thats a biggie, if they can get into your wireless they can acess your router pretty easily.
WPA2 is still good for now. We’ll see for how long. BTT.
“but there are so many unsecured (no password) home networks out there....”
I have one right here.
Last week while on my back deck listening to tunes on my laptop i realized that an un-secured network somewhere had a higher power reception than my own wireless router so i used their internet instead of mine for the day.
Worked great.
Thanks to all for the good suggestions.
>> Mac address filtering is your friend. :)
Wow, you’re even more paranoid than me... you aren’t letting ANY mac ids connect! :-)
>> MACs can be spoofed quite easily
True, but you kinda need to know what ID to spoof; that’s a little bit harder of a problem. Not insurmountable, but harder.
Interesting this originated in Japan.
From what I understand the laws are much harsher there.
You are held responsible for what is done with your equipment and a “hostile takeover” is not a valid excuse.
I’d be surprised if very many in Japan still used WEP.
>>>> Mac address filtering is your friend. :)
Wow, you’re even more paranoid than me... you aren’t letting ANY mac ids connect!<<
On my old Microsoft router, It was all I could get to work. I just got a new router and tried using actual security. It worked but when my daughter tried to get in using vista, instead of asking for the security code, it asked for a password and other data. We gave up and just had her use a neighbor’s unsecured wifi.
>> We gave up and just had her use a neighbor’s unsecured wifi.
ROFL! Another happy Vista customer.
Then break out Wireshark and start sniffing traffic. ;)
>> Then break out Wireshark and start sniffing traffic. ;)
Yeah, I guess a hacker could do that. Then he could break my WEP, and by golly, he’d be in!
I might get suspicious of that car in the cul-de-sac for a week, though. Not really close enough to any neighbors for someone to do it from an adjacent house.
I don’t know which is more pathetic — a guy like me who has a really boring on-line life, or a guy who would spend a lot of effort hacking the boring wifi comms of a guy like me. :-)
Lock up something of value and a crook will always find a way to break the lock.
I would set up a small self-contained box somewhere nearby but in a hidden area...and just let that sniff traffic for a while. Pick it up later and analyze the results.
;)
Setting up my wifes Vista laptop was less of a challenge. I don’t remember why. With my daughter’s, I would click on my connection and it asked for information completely irrelevant to the actual key.
>> I would set up a small self-contained box somewhere nearby but in a hidden area...and just let that sniff traffic for a while. Pick it up later and analyze the results.
Oh, THAT’S what that box is. You might want to find a more interesting location for it!
Lol.
>> Setting up my wifes Vista laptop was less of a challenge. I don’t remember why.
On my brother’s, it went pretty well if he jacked into the router to set up his wireless. Fairly automatic, then unplug the cable and away you go.
Your daughter, on the other hand, must be on that special “federal watch list”. ;-)
A great man I once worked for used to say, “Locks are made to keep out honest people.”
Lock up something of value and a crook will always find a way to break the lock.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Criminals (like water) always follow the path of least resistance.
As long as you have a bigger lock than your neighbor you are good.
I don't doubt it. But you may have been compromised already, and if not you will be eventually.
An unsecured wireless is an obvious invitation to others. Well guess what? When you connect to such a network, you are a "peer" (on the same local net) to any other wireless user on that access point.
Including, of course, the guy who set it up, who has been waiting for you. Or the guy in the car, war-driving, and looking for victims. Bet on it -- there's a hacker who knows about, or set up, that unsecured wireless.
He is the spider in that web. As soon as you connect, he can connect to your computer. Unless you have strong passwords on your login accounts, he will be able to access your hard drive (e.g. on Windows using the default C$ share) with "administrator" privilege.
Connecting to an unsecured wireless is like having unprotected sex daily with strangers. Sooner or later you WILL get infected, or have your identity stolen, or your credentials copied.
It's a free country -- do as you wish. But at least, please use strong passwords, and a strong firewall that actively warns you of attempts to connect to your computer. That'll mitigate the danger a little.
See ya... it's been nice chatting with everyone...
-PJ
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.