WPA cracked in 15 minutes or less, or your next router's free
They always knew it could be done; that a hacker with enough time and processing power could watch your WPA-protected wireless network and, eventually, decrypt your precious datas. In under 15 minutes, though? "Inconceivable!" those hypothetical security experts would say -- but they're about to get a lesson from WiFi wizard Erik Tews. He'll be giving a presentation next week at the PacSec Conference in Tokyo, describing the "mathematical breakthrough" that, he says, enables him to crack WPA-TKIP in 12 to 15 minutes. There are some limitations, as the data sent from a connected device to the compromised router is apparently still safe, but anything headed t'other way is wide open, and could even be supplanted by bogus bits sent from a Cheetos-munching hacker slouching in a rusty Ford Taurus in the parking lot. Don't believe us? Tews was the guy able to crack WEP in under a minute last year, ironically advising people to switch to WPA ASAP at the time. We can only assume WPA2 is next.

Reader Comments (Page 1 of 2)
Innovative1 @ Dec 1st 2008 10:18AM
...if they use a simple password.
ljohnny @ Nov 6th 2008 11:02AM
WAG325N in the picture. Great router!
jonz @ Nov 6th 2008 11:07AM
in 15 minutes, not anymore....
Flashpoint @ Nov 6th 2008 11:17AM
I thought this was old news?
I have a Chinese program which takes about 3 minutes to break WEP and about 20 minutes to break WPA. It sends millions of packets to the router and recognizes the rejected packet's properties to figure out the true code.
PDubNYC @ Nov 6th 2008 11:57AM
Wow, I'm shocked. Flashpoint is a script kiddie. Who woulda thunk it?
Carpet @ Nov 6th 2008 12:05PM
@ Flashpoint
I guess this method reads the data being sent out and decrypts it. It's passive, he's eavesdropping and can then choose to send info.
The problem with those programs you've mentioned is that they can probably be detected.
Surely if you set up your router right, with restricted MAC addresses, these programs won't work and even this guy wouldn't be able to send you data (though he'd still be able to read what you're sending).
For an alternate method try TEMPEST (http://en.wikipedia.org/wiki/TEMPEST).
Mike @ Nov 6th 2008 4:28PM
@Carpet
MAC cloning isn't a difficult task. Blocking by MAC address is useful, but not fool-proof.
---
Jeez, I hope AES lasts a while. I don't feel like having to buy a new router just because of something like this.
E71 @ Nov 6th 2008 8:54PM
This building's walls are lined with lead. Good luck getting a signal, b*tch! :)
strider_mt2k @ Nov 6th 2008 11:05AM
""Inconceivable!" those hypothetical security experts would say..."
http://www.youtube.com/watch?v=G2y8Sx4B2Sk
AlekZander @ Nov 6th 2008 11:59AM
No, that's not what they said. All security protocols get cracked, sooner or later. What they meant was, there was no published attack against WPA at that time, so it was inconceivable at that time. No serious security professional would ever say anything is going to be secure forever.
strider_mt2k @ Nov 6th 2008 12:21PM
AlekZander, you're a bigger buzzkill than Buzz Killington.
Hung @ Nov 6th 2008 2:43PM
Hello. My name is Hung Le. You killed my buzz. Prepare to be low-ranked.
Hello. My name is...
collegekid13 @ Nov 6th 2008 11:08AM
alright . . . what's the next gen of wireless security? 'cause WPA2 is not far from dead now
iEye @ Nov 6th 2008 12:34PM
The safest way, physical wires... forego wireless if you can...
chefgon_ign @ Nov 6th 2008 12:45PM
Are physical wires even safe? Wasn't it just a month ago that they figured out how to wirelessly record keystrokes from a wired keyboard because of mild electrical pulses coming off the wire? I think the only way to really be safe is to just crawl into John McCain's computerless cave and live out the rest of your life disconnected and alone.
linuxamp @ Nov 6th 2008 11:15PM
WPA3
RoboDan @ Nov 6th 2008 11:08AM
So when's the new security standard coming out? Hey, router guys?
JC @ Nov 6th 2008 11:09AM
With the ease that WEP and WPA can be hacked, is it helpful to use MAC address filtering on your home wi-fi router? I have been using this for a while, but I don't know how much this really helps. Is it relatively easy to capture and then spoof the MAC addresses on your filter list?
tijs @ Nov 6th 2008 11:16AM
Actually you can see the connected computers without hacking, and of course see their MAC address as well. kism@c
This part is easy.
Then you can change your MAC address with little tools. spoofm@c
This part is easier.
MAC filtering is not safe.
BadgerPenis @ Nov 7th 2008 3:59AM
MAC filtering is only useful for keeping out accidental connections. MAC addresses are easily captured and spoofed.
In all honesty if you have WPA turned on you have very little to worry about. 99% of the population wouldn't know how to hack you and the other 1% don't need to because there are easier targets.
CraigJ @ Nov 6th 2008 11:42AM
All MAC filtering does is keep your computer-illiterate neighbors from leeching. As a security measure it is worthless.
BananaBoat @ Nov 6th 2008 4:05PM
MAC addys can be spoofed, but yeah, it's an excellent way to keep your neighbor (or even someone you know, trying to get a non-approved-by-you device onto the network) off of your wifi network. The best advice here is to close down your network as much as possible. For instance, don't share the root of a drive, period, and absolutely don't share the root of a drive with a computer that is connected via wifi. Don't give write privileges to your network shares either. WPA or WPA2 are going to keep all but the most computer savvy neighbors off of your network. If you are really paranoid, encrypt your data on your HDD, so that if some script kiddy does get in, he's not getting any personal info anyway. He may be able to crack WPA, but he isn't going to crack AES 256. If you make sure your bank's website (or any site you use your credit card on) is using SSL, then that data is encrypted and you don't need to worry about that anyway.
Oh, and another tip for keeping neighbors off of your Wifi, is making sure they don't get a signal. Point the signal at your devices that need it, instead of letting it send out waves in every direction (you can accomplish this with a parabolic reflector). Also, limit the number of DHCP addresses that your router can assign. If you have 3 devices total, and they are all on at all times, you only need to allow your router to give 3 IP addresses total.
Oh, and FFS, make sure your router has a secure (10+ character, numbers and letters, if not numbers letters and symbols) password. The best security can be foiled in an instant if you are using the default login of your router.
BananaBoat @ Nov 6th 2008 4:09PM
Oh, and I almost forgot, turn off announcing on your router if you haven't already done so. Basically, when a router announces its presence, anyone with a decent Wifi card can find it. Adding the extra step of having to manually enter in the name of the AP is going to keep most people off. Sure, someone could still capture packets, and eventually figure out where they are coming from, but chances are they aren't going to bother. The only problem is that you'll need to enter in the name of the AP on every computer/device/etc you need to connect via Wifi, but it's one extra security measure that most people don't use.
ProfessorKaos @ Nov 7th 2008 9:54PM
Problem is then the hacker can lock you out of your own network. MAC filtering is really a no-win situation with hackers. If MAC filtering's intention is to keep out would-be computer-illiterate neighbors then use WPA, or WPA2 if you can.
thazlett @ Nov 6th 2008 11:10AM
pfffff MAC filtering, but that won't be difficult...
BadgerPenis @ Nov 6th 2008 11:14AM
"enables him to crack WPA-TKIP in 12 to 15 minutes. There are some limitations, as the data sent from a connected device to the compromised router is apparently still safe"
So he hasn't cracked WPA-TKIP at all then, if it were cracked then data in both directions would be compromised.
mike808 @ Nov 6th 2008 1:10PM
Until you enable packet duplication on the compromised router to send any incoming packets out to another mac, namely, that of the eavesdropper. A compromised router is just that - compromised, and all bets are off on protecting any packets coming into it.
Seventh @ Nov 6th 2008 11:19AM
MAC filtering is useless as MAC addresses are unencrypted, visible, and easily spoofed even using Windows.
It has been known for some time that TKIP is broken and this is why for almost 2 years I have had my clients on AES / WPA2 using a 63 character randomly generated password.
I owe everything I know about WIFI security to Security Now Podcast with Steve Gibson, he explains things far better than any course or book could.
Chris G. @ Nov 6th 2008 11:34AM
Yep, best advice possible. WPA2 w/ AES, 63 character random password from https://www.grc.com/passwords.htm
MAC Filtering is worse than WEP for security. Same with SSID hiding. That is why I don't bother with either of them.
Only negative on the 63 character random password: real real hard to type on an iPhone.
FuzzyCat @ Nov 6th 2008 11:43AM
Actually NOT using 63 chars is going to be safer - telling people how long your password is helps them, now they know only to try 63 char passwords. Using any other length password and NOT telling the world about it is going to mean they have to test all passwords from length 1 to 62.
phil @ Nov 6th 2008 11:52AM
@FuzzyCat
You go ahead and brute force a 63 byte passphrase. Let me know how that works out after the heat-death of the universe.
KIFF @ Nov 6th 2008 11:57AM
Stupid advice. 63 character password is better than 62.
FuzzyCat @ Nov 6th 2008 12:12PM
@Phil
The point is telling someone it's 63 chars still means they aren't wasting cpu cycles on shorter passwords. I know that brute forcing 63 chars isn't exactly quick but knowing it's 63 chars long cuts out trillions of possibilities that would still need to be tested.
Let's say you allow upper and lower case chars and digits - that gives 26+26+10 = 62 chars to try per char in the password, a 4 character password has 62 x 62 x 62 x 62 = 14,776,336 possible combinations. While these are 'short' they would still be wasting cpu cycles - KNOWING you only have to test 63 chars cuts out testing ALL of the shorter passwords - ideally you want them to have to test them all.
FuzzyCat @ Nov 6th 2008 12:18PM
@Kiff
Obviously 63 chars is stronger than 62. You missed the point completely. Which do you think will take more time -
a) Brute force 63 char password
b) Brute force 1 char password, then a 2 char password, then a 3 char password, then a... etc up to 63 chars?
9bit @ Nov 7th 2008 12:18AM
@FuzzyCat
That almost sounds like a good idea until you realize that there are more 63 char passphrases than 1-62 characters ones combined.
Josh @ Nov 6th 2008 1:53PM
Do you think he has a sign on his door saying his password is 63 characters long? Posting here in an anon fashion is hardly a security vulnerability for him. Your argument is baseless. I think you just like to argue.
Paul @ Nov 6th 2008 2:41PM
Knowing it is 63 characters does not help them at all, it still leaves them with 2.28273036 × 10^113 possible combinations, this is larger than the number of atoms in the universe. Good luck with that.
To put that number in perspective some more:
63^63 = 2.28 x 10^113 (number of codes)
Lets say you can do 3 trillion checks a second.
2.28 x 10^113 / 3000000000000 = 7.60910121 × 10^100 seconds
Now, lets convert that to years:
7.60910121 × 10^100 / 60 minutes / 24 hours / 365 days = 1.4476981 × 10^95 years
Also, remember, this is just an alpha numeric code, forgetting spaces and symbols characters which greatly add to the complexity.
Paul @ Nov 6th 2008 2:52PM
hmm... it's actually 62 ^ 62, but the fact remains the number is still ridiculously large
Oh, and as for my "Atoms in the universe" comment I now see it's "Atoms in the OBSERVABLE universe"
http://en.wikipedia.org/wiki/Observable_universe#Matter_content
Hung @ Nov 6th 2008 3:15PM
Listen to this man: "Josh @ Nov 6th 2008 1:53PM
Do you think he has a sign on his door saying his password is 63 characters long? Posting here in an anon fashion is hardly a security vulnerability for him. Your argument is baseless. I think you just like to argue."
He's mostly right. This isn't a real argument. You naysayers forget that telling someone your password length will compromise your security, REGARDLESS of length.
Let me reiterate: Telling someone your password length will compromise your security, REGARDLESS of length.
@FuzzyCat
What's going to take longer:
(a) Brute forcing a 63 character password without knowing it's 63 characters?
(b) Brute forcing one that's 8 to 62 (8 is the minimum) without knowing it's 8-62?
HOLY SHIT, IT'S FUCKING MAGIC.
Tejas @ Nov 6th 2008 3:26PM
WOW! A proper technical discussion on Engadget! Who'd have thought?!
*wipes the tear from his eye*
Paul @ Nov 6th 2008 4:09PM
@Hung
I am not debating the fact that it will take longer if you don't know it's already 63, but when it's already going to take nearly 10,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000 years to brute force a 63 character password, I don't think it really matters.
This WPA crack revolves around flaws in the encryption algorithm itself, not how you choose your password.
FuzzyCat @ Nov 6th 2008 6:37PM
@Paul
I'm not saying it wouldn't take a long time, I've never said that. You are of course assuming that the password isn't discovered until the very last iteration which is as likely as me being bothered to try :)
Joseph @ Nov 6th 2008 8:01PM
I would like to chime in.
@Fuzzycat
If they start with 63 characters and work their way down, instead of starting at 1 and working their way up, then you lose again.
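The keyspace argument in the FuzzyCat / 9bit / Paul / Hung exchange above, worked through as an added example (not part of any comment): it checks 9bit's claim that the 63-character space outnumbers every shorter length combined, redoes Paul's worst-case estimate in years, and goes one step past the thread by showing what a single WPA-PSK "check" actually is (PBKDF2-HMAC-SHA1, 4096 iterations, 256-bit PMK), which caps how much a longer passphrase can help. The 62-symbol alphabet and the 3 trillion guesses per second are the thread's own figures; the "password"/"IEEE" pair is the IEEE 802.11i test vector.

```python
import hashlib
import string

# Constructed alphabet: upper + lower + digits = 62 symbols, the thread's "26+26+10".
ALPHANUMERIC = string.ascii_letters + string.digits


def keyspace(alphabet_size: int, length: int) -> int:
    """Number of distinct passphrases of exactly `length` symbols."""
    return alphabet_size ** length


def cumulative_keyspace(alphabet_size: int, min_len: int, max_len: int) -> int:
    """Passphrases of every length from min_len to max_len inclusive: what an
    attacker who does NOT know the length has to cover in the worst case."""
    return sum(keyspace(alphabet_size, n) for n in range(min_len, max_len + 1))


def brute_force_years(candidates: int, guesses_per_second: float) -> float:
    """Worst-case time to exhaust `candidates` at a fixed guess rate, in years
    (seconds -> minutes -> hours -> days -> Julian years)."""
    seconds = candidates / guesses_per_second
    return seconds / (60 * 60 * 24 * 365.25)


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA/WPA2-PSK pairwise master key per IEEE 802.11i: PBKDF2-HMAC-SHA1 over the
    passphrase, salted with the SSID, 4096 iterations, 32-byte output. Every guess
    costs this much work, and the result is only 256 bits, so no passphrase yields
    more than 2**256 distinct keys no matter how long it is."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def effective_keyspace(alphabet_size: int, length: int) -> int:
    """Passphrase space after the reduction to a 256-bit PMK."""
    return min(keyspace(alphabet_size, length), 2 ** 256)


if __name__ == "__main__":
    a = len(ALPHANUMERIC)
    print(keyspace(a, 4))                                     # 14776336, as in the thread
    print(keyspace(a, 63) // cumulative_keyspace(a, 1, 62))   # 61: 63-char space dwarfs 1..62 combined
    print(f"{brute_force_years(63 ** 63, 3e12):.3g} years at 3 trillion guesses/s")
    print(f"{effective_keyspace(a, 63).bit_length() - 1} bits of PMK actually in play")
    print(derive_pmk("password", "IEEE").hex())               # 802.11i test vector
```

The 61x ratio is a geometric-series fact (sum of 62^k for k = 1..62 is 62(62^62 - 1)/61), so it holds for any minimum length the attacker assumes, not just 1.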
SimbaDogg @ Nov 6th 2008 11:19AM
security...like control, is an illusion
BobTurbo @ Nov 6th 2008 8:24PM
Offense is the best defense.
happy_penguin @ Nov 6th 2008 11:26AM
The best security is common sense. Be careful what you do and how you do it because someone could be watching and no amount of encryption will ever be foolproof. If somebody wants your shit, they're going to get it.
Samboini @ Nov 6th 2008 12:34PM
Those crafty sewer thieves.
thekale @ Nov 6th 2008 2:01PM
I thought you might be worried . . . about the security . . . of your shit.
BobTurbo @ Nov 6th 2008 8:26PM
This is why I have a trace buster tracer bust.
Frun @ Nov 6th 2008 11:31AM
What if you are using WPA2 with AES? Still crackable?