One-minute WiFi crack puts further pressure on WPA

In the wake of WEP's failure, WiFi Protected Access (WPA) was supposed to keep our data safe as it blasted through the ether. It still works, but researchers have now crafted several effective attacks; the newest takes only a minute to decode a short packet.

Researchers have come a step closer to breaking open a common WiFi encryption scheme. An attacker can now read and falsify short packets in the common TKIP version of WiFi Protected Access (WPA) encryption in about one minute—a huge speed increase from the previously-required 12-15 minutes.

The hack is not a complete break; it only results in the ability to read and falsify particular short data packets, and it cannot retrieve a WPA encryption key. Still, the rapid development of WPA hacks suggests that those paranoid about security should ensure that their WiFi networks are using WPA2 with AES encryption rather than WPA with TKIP.

The current attack comes courtesy of Toshihiro Ohigashi (Hiroshima University) and Masakatu Morii (Kobe University), and it is outlined in a new paper of theirs called "A Practical Message Falsification Attack on WPA." It builds on 2008 research from a pair of German students, research that also attacked WPA TKIP systems and could read individual packets, craft new data for them, then recalculate a legitimate packet checksum.

That attack, called the Beck-Tews attack, had several weaknesses: it only worked on WPA implementations that supported 802.11 quality of service (QOS) features, it only worked on short packets, and it took about 15 minutes.

In less than a year, the Japanese team was able to build on the Beck-Tews attack and apply it to "man in the middle" situations. The result: an attack that functioned on any WPA TKIP network, regardless of QOS, and one that works in about a minute.

In the paper, the researchers describe a scheme in which a computer and a WiFi access point are far enough apart that the two cannot communicate with each other—but each can talk to the "attacker" computer sitting between them. The attacker then acts as a repeater, passing along the proper packets in both directions. When falsified packets are to be sent, the attacker executes the now-standard "chopchop" attack on a short packet (often ARP broadcasts), deciphers its 64-bit Message Integrity Code (MIC), and can then craft whatever packet it wants. The new packet is coded with the proper checksums and passed along to the access point, which should accept it as genuine.

As we noted when first covering the Beck-Tews attack, WPA is "battered but not broken" by such an attack. These two attacks can certainly present problems, but they do not threaten the overall encryption of the wireless stream. They do highlight weaknesses of TKIP-based encryption, which was designed to patch up some of the egregious security holes in the first WiFi encryption protocol, WEP.

But the good news is that encryption has already moved on. WPA2 with AES encryption is now standard on most WiFi products and has yet to show similar security weaknesses.
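To check which side of that line an access point sits on, the following added example (not part of the original article or the researchers' paper) parses the security elements a beacon advertises and flags any network that still accepts TKIP. The element IDs and cipher suite codes are those defined by 802.11; the function names and the sample beacon bytes are constructed for illustration.

```python
import struct

# Cipher suite type codes, shared by the RSN element (OUI 00-0F-AC)
# and the legacy WPA vendor element (OUI 00-50-F2).
CIPHERS = {1: "WEP-40", 2: "TKIP", 4: "CCMP", 5: "WEP-104"}
RSN_OUI, WPA_OUI = b"\x00\x0f\xac", b"\x00\x50\xf2"

def _suites(body, oui):
    """Return (group cipher, [pairwise ciphers]) from a body starting at the version field."""
    if len(body) < 8:
        raise ValueError("group/pairwise fields absent")
    (count,) = struct.unpack_from("<H", body, 6)
    end = 8 + 4 * count
    if len(body) < end:
        raise ValueError("pairwise list runs past element end")
    raw = [body[2:6]] + [body[i:i + 4] for i in range(8, end, 4)]
    names = [CIPHERS.get(s[3], f"unknown-{s[3]}") if s[:3] == oui
             else "vendor-specific" for s in raw]
    return names[0], names[1:]

def audit_beacon_ies(ies):
    """Walk a beacon's tagged parameters and report whether TKIP is accepted."""
    found, pos = [], 0
    while pos + 2 <= len(ies):
        eid, length = ies[pos], ies[pos + 1]
        body = ies[pos + 2:pos + 2 + length]
        if len(body) < length:
            raise ValueError("element runs past end of frame")
        if eid == 48:                                       # RSN element (WPA2)
            found.append(("RSN",) + _suites(body, RSN_OUI))
        elif eid == 221 and body[:4] == WPA_OUI + b"\x01":  # WPA vendor element
            found.append(("WPA",) + _suites(body[4:], WPA_OUI))
        pos += 2 + length
    tkip = any(grp == "TKIP" or "TKIP" in pw for _, grp, pw in found)
    return {"elements": found, "tkip_allowed": tkip}

# Constructed sample tagged parameters (SSID "test"), not captured traffic.
SSID = bytes.fromhex("000474657374")
MIXED_AP = SSID + bytes.fromhex(
    "dd160050f20101000050f20201000050f20201000050f202"        # WPA: TKIP/TKIP
    "30180100000fac020200000fac04000fac020100000fac020000")  # RSN: CCMP+TKIP
CCMP_ONLY_AP = SSID + bytes.fromhex(
    "30140100000fac040100000fac040100000fac020000")          # RSN: CCMP only

if __name__ == "__main__":
    for name, ies in (("mixed", MIXED_AP), ("ccmp-only", CCMP_ONLY_AP)):
        print(name, audit_beacon_ies(ies))
```

A "mixed mode" access point is flagged here because its group cipher falls back to TKIP even though CCMP is offered for pairwise traffic.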

Source: ars technica

Tags: Wi-Fi
