Once thought safe, WPA Wi-Fi encryption is cracked
Security researchers say they've developed a way to partially crack the Wi-Fi Protected Access (WPA) encryption standard used to protect data on many wireless networks.
The attack, described as the first practical attack on WPA, will be discussed at the PacSec conference in Tokyo next week. There, researcher Erik Tews will show how he was able to crack WPA encryption, in order to read data being sent from a router to a laptop computer. The attack could also be used to send bogus information to a client connected to the router.
To do this, Tews and his co-researcher Martin Beck found a way to break the Temporal Key Integrity Protocol (TKIP) key, used by WPA, in a relatively short amount of time: 12 to 15 minutes, according to Dragos Ruiu, the PacSec conference's organizer.
They have not, however, managed to crack the encryption keys used to secure data that goes from the PC to the router in this particular attack
Security experts had known that TKIP could be cracked using what's known as a dictionary attack. Using massive computational resources, the attacker essentially cracks the encryption by making an extremely large number of educated guesses as to what key is being used to secure the wireless data.
The work of Tews and Beck does not involve a dictionary attack, however.
To pull off their trick, the researchers first discovered a way to trick a WPA router into sending them large amounts of data. This makes cracking the key easier, but this technique is also combined with a "mathematical breakthrough," that lets them crack WPA much more quickly than any previous attempt, Ruiu said.
Tews is planning to publish the cryptographic work in an academic journal in the coming months, Ruiu said. Some of the code used in the attack was quietly added to Beck's Aircrack-ng Wi-Fi encryption hacking tool two weeks ago, he added.
WPA is widely used on today's Wi-Fi networks and is considered a better alternative to the original WEP (Wired Equivalent Privacy) standard, which was developed in the late 1990s. Soon after the development of WEP, however, hackers found a way to break its encryption and it is now considered insecure by most security professionals. Store chain T.J. Maxx was in the process of upgrading from WEP to WPA encryption when it experienced one of the most widely publicized data breaches in U.S. history, in which hundreds of millions of credit card numbers were stolen over a two-year period.
A new wireless standard known as WPA2 is considered safe from the attack developed by Tews and Beck, but many WPA2 routers also support WPA.
"Everybody has been saying, 'Go to WPA because WEP is broken,'" Ruiu said. "This is a break in WPA."
If WPA is significantly compromised, it would be a big blow for enterprise customers who have been increasingly adopting it, said Sri Sundaralingam, vice president of product management with wireless network security vendor AirTight Networks. Although customers can adopt Wi-Fi technology such as WPA2 or virtual private network software that will protect them from this attack, there are still may devices that connect to the network using WPA, or even the thoroughly cracked WEP standard, he said.
Ruiu expects a lot more WPA research to follow this work. "Its just the starting point," he said. "Erik and Martin have just opened the box on a whole new hacker playground."
IDG News Service
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
On Twitter now
security
Powered by TwitterOn Twitter now
security
Brian Proffitt
Microsoft/Novell: Breaking Down the Coupon Numbers
Esther Schindler
Drupal's Dries Buytaert on Building the Next Drupal
Tom Henderson
Top Ten General Operating Systems Rants
pasmith
PS3 motion controller delayed; goes up against Project Natal
sjvn
Neolithic Windows security hole alive and well in Windows 7
claird
Perl source code comparison makes for good reading
mikelgan
Cell phones don't create stress or interrupt much
Sandra Henry-Stocker
How to: The Unix Interview
Where Google Chrome security fails: the password
I heard mention that the Chrome OS will have some sort of encryption available a la bitlocker. If it's possible to encrypt personal data using another password or key, then it may have potential for very secure data.... And Ubuntu has an 'encrypt home directory' option, perhaps google should follow suit.
- Dann
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
- Ubuntu advances: Why Ubuntu server installations will surge in 2010
- Social media marketing: How to make friends with benefits
- More...
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
This article seems a little
This article seems a little misleading. The issue appears to be a sort of vulnerability in the TKIP method of encryption, not so much the WPA transport layer itself. Unless the WPA transport is whats broken. WPA2 uses the same type of encryption even though the transport layer itself is different.On the other hand, if you are using WPA in a corporate environment (even a small one), you should be using WPA/2 Enterprise and not Personal.
While I'm no security expert, my opinion here is just that of a lowly network admin.
WPA2
I thought WPA2 specifies the option to use AES (CCMP) which is totally different from WPA (TKIP), based on the RC4 cipher. I understand WPA2 is also backwards compatible, but wouldn't using AES CCMP mitigate this attack?WPA2 is NOT the same as WPA
>>I thought WPA2 specifies the option to use AES (CCMP) >>which is totally different from WPA (TKIP),That's correct. If you're configured for WPA2 Enterprise (e.g. EAP-TLS) or WPA2 Personal (pre-shared key) you're using AES/CCMP exclusively.
There is a mixed mode that some authentication software supports (e.g. hostapd) which uses TKIP/RC4 for group traffic and either TKIP/RC4 or AES/CCMP for unicast traffic depending on the STA.
While I agree that AES/CCMP is stronger encryption than TKIP/RC4, I'd love to see the details that demonstrate that simply by snooping on existing traffic you can determine the keys. While that's possible with WEP, I don't think that's possible given nonce/sonce used in the WPA 4-way handshaking. Now, given WPA pre-shared keys can be as short as eight ASCII characters, dictionary attacks make either WPA Personal or WPA2 Personal vulnerable.
If you're a network administrator who is serious about security, you'll avoid sharing keys altogether by using EAP, or you'll use long hex keys instead of a short ASCII passphrase.