WPA crackable in fifteen minutes

Erik Tews and Martin Beck's research may lead companies to ditch wireless altogether and move back to good old copper.

If you thought that your wireless network was secure because you use WPA, think again: researchers have worked out a method of cracking the code in under fifteen minutes.

According to BetaNews, cryptographers Erik Tews and Martin Beck are to give a presentation entitled “Gone in 900 seconds: Some Crypto issues with WPA” at the PacSec conference in Tokyo next week.

The presentation is expected to go into detail regarding Tews's discovery that the Pairwise Master Key can be obtained and the Temporal Key Integrity Protocol cracked, allowing captured network traffic to be decoded in a window of between twelve and fifteen minutes without the lengthy process of brute-force or dictionary guessing that would normally be required.

Described in an article over on PC World only as a “mathematical breakthrough”, the pair claim to be using new code added to the Aircrack-NG wireless cracking utility suite in the last two weeks to aid in their attack on WPA. The only additional detail leaked ahead of the presentation is the claim that the pair have figured out a way to force an access point into broadcasting far more traffic than would normally be the case, in order to give them a larger corpus of encrypted data to work with.

This data spoofing method sounds very similar to the vulnerability in ARP packet injection used to crack WPA's insecure predecessor WEP in under a minute. While the cryptographic robustness of the algorithms used in WPA prevents such rapid calculation, it's worth mentioning that this is the first attack on WPA which does not rely on brute-force methods – meaning there is plenty of scope for the speed to be improved in future.

Are you running to your router as you read this to flick the power switch, or is a fifteen minute delay enough to keep your data secure? Share your thoughts over in the forums.


airchie 7th November 2008, 09:44 Quote
Before everyone gets too worried, I think WPA-AES is still secure and I believe the current attack on TKIP is only able to decrypt traffic one way.

It still allows malicious data insertion into packets flowing back to your PC from your router though, so it's still not good. :(
Buzzons 7th November 2008, 09:58 Quote
WPA-TKIP was only used on routers that couldn't support WPA2 (AKA the one with AES). It was a step in the right direction from WEP and could be used on any router that could support WEP. Anyway it's the RC4 encoding that has been broken (again) which is the same base code as the WEP encryption whereas AES is a real cypher... so if you use WPA and your router doesn't support WPA2 - get a new router ;)
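A defender's check that follows from the two posts above (airchie's and Buzzons's): an added example, not code from the article, the thread or the Aircrack-NG project, that parses the RSN information element an access point advertises in its beacons and reports whether TKIP is still accepted alongside or instead of CCMP (AES). The three sample IEs are constructed for the demo.

```python
# Added example, not code from the article or the thread: parse the RSN
# information element an access point advertises in its beacons and report
# which ciphers it permits, so TKIP can be spotted and switched off in
# favour of CCMP (AES). The sample IEs at the bottom are constructed.
import struct

RSN_ELEMENT_ID = 48               # IEEE 802.11 RSN information element
RSN_OUI = b"\x00\x0f\xac"         # OUI prefix of standard suite selectors
CIPHER_NAMES = {1: "WEP-40", 2: "TKIP", 4: "CCMP", 5: "WEP-104"}

def _suite_name(selector: bytes) -> str:
    if selector[:3] != RSN_OUI:
        return "vendor:" + selector.hex()
    return CIPHER_NAMES.get(selector[3], f"unknown:{selector[3]}")

def parse_rsn_ie(ie: bytes) -> dict:
    """Return group cipher and pairwise cipher list from a raw RSN IE."""
    if len(ie) < 2 or ie[0] != RSN_ELEMENT_ID:
        raise ValueError("not an RSN information element")
    body = ie[2:2 + ie[1]]                      # length-prefixed payload
    if len(body) < 8 or struct.unpack_from("<H", body)[0] != 1:
        raise ValueError("truncated IE or unsupported RSN version")
    group = _suite_name(body[2:6])
    count = struct.unpack_from("<H", body, 6)[0]
    end = 8 + 4 * count                         # 4 bytes per suite selector
    if len(body) < end:
        raise ValueError("pairwise suite list truncated")
    pairwise = [_suite_name(body[i:i + 4]) for i in range(8, end, 4)]
    return {"group": group, "pairwise": pairwise}

def tkip_verdict(ie: bytes) -> str:
    """Classify a network; 'ccmp-only' is the configuration to aim for."""
    suites = parse_rsn_ie(ie)
    ciphers = set(suites["pairwise"]) | {suites["group"]}
    if "TKIP" in ciphers and "CCMP" in ciphers:
        return "mixed: TKIP still accepted, disable it"
    if "TKIP" in ciphers:
        return "tkip-only: move to WPA2/CCMP"
    return "ccmp-only"

# Constructed sample IEs: element id, length, version 1, group suite,
# pairwise count, pairwise suites (AKM fields omitted; parser ignores them)
TKIP_ONLY_IE = bytes([48, 12, 1, 0]) + RSN_OUI + b"\x02\x01\x00" + RSN_OUI + b"\x02"
MIXED_IE = bytes([48, 16, 1, 0]) + RSN_OUI + b"\x02\x02\x00" + RSN_OUI + b"\x04" + RSN_OUI + b"\x02"
CCMP_ONLY_IE = bytes([48, 12, 1, 0]) + RSN_OUI + b"\x04\x01\x00" + RSN_OUI + b"\x04"

if __name__ == "__main__":
    for name, ie in [("TKIP", TKIP_ONLY_IE), ("mixed", MIXED_IE), ("CCMP", CCMP_ONLY_IE)]:
        print(name, "->", tkip_verdict(ie))
```

Real beacons also carry AKM suites and RSN capabilities after the pairwise list; the parser reads only up to the pairwise suites, so those trailing fields are simply ignored.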
Sc0rian 7th November 2008, 10:14 Quote
i doubt anyone near me even knows what a WEP/WPA key is, not alone hackin it
-EVRE- 7th November 2008, 10:22 Quote
I use a 64bit wep key... is that bad? :b j/k
MrMonroe 7th November 2008, 14:56 Quote
I thought they shut down the Works Progress Administration in '43.

These kinds of stories always go over my head.
C-Sniper 7th November 2008, 15:58 Quote
Cool, i know that up until this point most WPA/2 Cracking had to be done via a Dictionary attack. Took forever and if you didn't have the word you were SOL.
dyzophoria 7th November 2008, 17:59 Quote
I actually had a feeling TKIP's demise was at hand, now if WPA2 (AES) was to be easily cracked, that, my friends would be Headlines..
Buzzons 7th November 2008, 18:20 Quote
full info on the thing can be found here..

good details on it as well.
Redbeaver 9th November 2008, 05:08 Quote
Originally Posted by Sc0rian
i doubt anyone near me even knows what a WEP/WPA key is, not alone hackin it

best comment ever.

and ironically true to probably 90% wireless users out there.