Erik Tews and Martin Beck's research may lead companies to ditch wireless altogether and move back to good old copper.
If you thought that your wireless network was secure because you use WPA, think again: researchers have worked out a method of cracking the code in under fifteen minutes.
According to BetaNews, cryptographers Erik Tews and Martin Beck are to give a presentation entitled “Gone in 900 seconds: Some Crypto issues with WPA” at the PacSec conference in Tokyo next week.
The presentation is expected to go into detail regarding Tews's discovery that the Pairwise Master Key can be obtained and the Temporal Key Integrity Protocol cracked, allowing captured network traffic to be decoded in a window of between twelve and fifteen minutes without the lengthy process of brute-force or dictionary guessing that would normally be required.
The method is described in an article over on PC World only as a “mathematical breakthrough”, and the pair claim to be using new code added to the Aircrack-NG wireless cracking utility suite in the last two weeks to aid in their attack on WPA. The only additional detail leaked ahead of the presentation is the claim that the pair have figured out a way to force an access point into broadcasting far more traffic than would normally be the case, in order to give them a larger corpus of encrypted data to work with.
This data spoofing method sounds very similar to the vulnerability in ARP packet injection used to crack WPA's insecure predecessor WEP in under a minute. While the cryptographic robustness of the algorithms used in WPA prevents such rapid calculation, it's worth mentioning that this is the first attack on WPA which does not rely on brute-force methods – meaning there is plenty of scope for the speed to be improved in future.
Are you running to your router as you read this to flick the power switch, or is a fifteen-minute delay enough to keep your data secure? Share your thoughts over in the forums.