WPA networks cracked in just under a minute, researchers claim
To think it was just a few months ago that we thought taking 15 minutes to crack WPA encryption was a feat. Researchers from Kobe University in Japan are claiming they can best that by a wide margin by cracking any WPA-protected connection using the TKIP algorithm within just one minute flat. The details will be revealed at a tech conference on September 25th. Feeling paranoid? Bump up your encryption to the still-secure AES algorithm or WPA2... and if you're just wanting to live life on the edge, consider downgrading to WEP -- it's as good as open at this point anyway.

hehe
This is old news. Posted on f2bbs.com with instructions a week ago.
come on now, you can't just toss out a forum link and say old news without actually direct linking to the actual topic. you should know better... or else give us the instructions.
Hooray! More f2bbs bots!
I get the last laugh. I don't encrypt. If your wifi signal makes its way to my computer when I'm on the road I'll use it and if you need to use mine then go ahead.
I'll just put my wifi into a Faraday Cage then, to avoid it being stolen by Nicholas Cage.
Thanks for the info engadget!
Gone in 60 seconds, haha, Engadget can steal that cover, they license this stuff or what is going on here? They even call other people KIRFers, lol.
actually KIRF is a term engadget made up, so the irony is that you should be licensing it from them to say it
@ no_one: it's just a parody dude...
Just use MAC filtering on your router instead of a key. Sure a PITA when setting up new devices but better speed (no encryption/decryption overhead) and completely locked down to anyone else trying to use it.
Changing a MAC address isn't hard. That is very easy to spoof.
but if you can't connect to the network then how can you know which MAC to clone?
"Just use MAC filtering" is such bad advice.
Or maybe you are a bandwidth leecher trying to encourage bad habits?
See, Apple products are so secure that even NAMING something after an Apple computer is far superior...
AHAHAH
MAC!
Get a mac, use a mac...
@Magallanes: You don't need to connect to pull the MAC addresses. You don't even need to decrypt the packets to get them! They are always visible.
@James - The MAC address comes from the 802 standard, which dates back to February 1980. In fact, Xerox was using a similar MAC system all the way back as far as 1972. The "Mac" you are referring to came years later, in 1984 (as we all know from the commercials). Your post shows that you are both a troll, and incredibly ignorant. In the future, please refrain from trying to discuss that which you do not understand, maybe then you will avoid achieving the oh-so-deserving title of "Lowest Ranking".
For a second I thought Kobe University is where you learn about basketball and adultery...
no, beef
I can has white women to rape?
I think it has something to do with steaks, actually.
is WPA personal with TKIP algo safe enough for a small home network? i've got 4,5 wifi networks in my surroundings, just wanted to be sure if i'm really vulnerable to wifi hacks?
my password is 12-15 characters with digits and special characters...
adultery!!?!! that makes it sound like she wasn't sexually assaulted.
I was thinking about a nice juicy steak.
That is an entertaining photoshop.
Curse you, broken comment system!!!!
Actually, it made your response very entertaining.
The least they could have done is put the WiFi over Nicholas Cage's face instead of Angelina! Does Ross have a man crush on Nicholas and secretly despises Angelina? :p
MAC filtering is the easiest thing to get around.
Quote from Wikipedia...
MAC Filtering can be circumvented by scanning a valid MAC (via airodump-ng) and then changing the own MAC into a validated one. This can be done in the Windows Registry or by using commandline tools on a Linux platform.
Ah this is too funny, I was just changing the settings on my linksys network. Turn on engadget and I see my router getting cracked by Mister bird hair Nicholas Cage, Awesome.
So you can do the thing on WPA.
is WPA personal, with TKIP protection secure enough?
i'm using a random 15 char pass with special chars and digits... just a small home network.
The whole article is how WPA1 (WPA1 = TKIP) is vulnerable because of a flaw. Most likely they are not brute forcing your password, and no amount of complexity for a password is gonna save your network. But the likelihood of anyone having the technical know-how is extremely rare. If you live in New York City or any other big city, you may have a concern.
http://en.wikipedia.org/wiki/WPA2
I've got a question: My router is currently secured with a WEP-WPA2 combination because the print server doesn't support WEP. what does this mean? I'm using a netgear WNDR3300. is it WEP on the 2.4ghz band and WPA2 on the 5ghz?
You suck at life.
It means your 2.4 band is as good as open.
Meaning his network is meaning his router is meaning his 5GHz is too logically.
What router are you using? I've been in IT for 16 years (but a geek my whole life) and I've never seen a consumer level wifi router that can simultaneously use two different encryption protocols. Are you sure that you are using WEP and WPA2? I kind of doubt it. You are probably using one or the other. Anyway, regardless, you don't need WEP (and actually shouldn't use it at all because of how insecure it is). Everyone (and by that I mean EVERYONE) should use WPA2 (which uses a derived form of AES encryption) on their wifi routers. WPA2 has still not been broken in a live environment and is considered by security experts to indeed be secure. Anything less than WPA2 is vulnerable. WEP is actually a joke and with tools downloaded from the Internet anyone can basically break into any WEP 'secured' network in less than a minute by using just a laptop.
Moral of the story: Use WPA2 on your wifi networks. Anything else is vulnerable.
maybe run two dif. ip subnets with an open router and move on?
Probably splitting your wifi from your wired is a good way of protecting the wired network from intrusion, but it won't help your devices that are on the wifi, and makes sharing files between machines a little difficult.
Somebody needs to come up with an easy built-in RADIUS server router firmware. TinyPEAP was a great step towards this, but it's no longer maintained.
that pic deserves an award
+1 on the Photoshop guys!
LOLOL!!
Crappy Linksys Router car!!!
I cannot get over that pic, and an old Linksys at that!
Great job!
Some days it's not even worth chewing through the restraints.
Just use a crappy router that you yourself have trouble connecting to from 4 feet, why do you think they make them?
Well, at least it wasn't WPA2 as that is what I use between my Airport Express and Time Capsule via 802.11n 5GHz. This combined with MAC filtering and a max-length random-ascii character password that's changed weekly makes me feel pretty secure.
Still, even with that I still only login to important sites like banks via my computer with the hardwired net connection. Color me paranoid I guess.
Err... I really don't know what to say..
do you work for the CIA?
i just rar my pr0n with a 5 character password.
that's the most security i ever need.
If you want to be more paranoid then read up on ssl MiM vulnerability. Now you will do your banking in person and send your bills using stamps.
Oh.. poor James. Poor, poor James. -∞
I am set on WPA2-Personal AES
Eleanor?
Shopped. Look at the pixels by the router.
Oh come on...
I +1'd you in hopes that it was clever sarcasm.
Let's take this into perspective. Although personally I'm using WPA2+AES+random password from GRC, you have to actually have the intent to break into someone's network to do this. A lay person looking to leech off wifi will look for an unprotected network, and wouldn't even waste their time on networks with WEP.
My big beef is the fact that it is extremely troublesome to enter a highly random password, especially on devices without a real keyboard and/or capability to cut-n-paste the key from a text file (game consoles, MP3 players, cellphones, etc). I mean really, they expect a lay person to understand this? People cannot even configure the clock on their VCR, let alone understand security and encryption for their wireless router. There's gotta be an easier way for this (eg. maybe a wifi equipped cellphone with a camera should be able to take a key printed on a screen/paper via its camera with character recognition).
There is a better way. Hardware keys that have to be inserted into some sort of unique (not USB) slot that would encrypt data before being passed over a secure or unsecure network.
The system would use synchronized time (time unique to the router, which can only be synced by physically connecting the key to the router, which would then only be good for a pre-determined amount of time [1 day / 1 week / 1 month]) to change the encryption key every couple seconds or minutes. If you had "hardware keys," it would also be much easier to lock the router down only to MAC addresses that have been physically connected to the router.
I'm sure what I'm describing has been done... I'm just not aware of any attempt to push networks that are actually secure into our homes. It's as if no one REALLY cares.
WPA or even WEP is good enough for anyone that doesn't live in a major city or military base. If you know rudimentary OS security you have very little to worry about even if your network is invaded. At worst they may leech your bandwidth, but they won't see your 350gb porn collection.
Is it bad that I don't even remember or care what security I have on my router? I know it's probably weak, but it's a thin deterrent layer just so my network doesn't show up as 'unsecured' on a neighbor's computer. I honestly don't give a crap about security. I just think about the odds of some unemployed hacker fishing within 20 feet of my duplex at a time when either of my laptops are not hibernating. I think those odds are so low that I'm better off risking getting infiltrated than constantly worrying about my layers of security and constantly changing passwords just to take that chance of getting hit from 1% down to .5%. I pay a little for identity theft insurance. I'll jump that hurdle if it comes. Until then, go ahead you unscrupulous nerds, check out my taste in porn, music and excel macros, I'm not losing sleep over it.
You know with computers you don't have to sit there waiting, anybody can run a scanner 24/7 waiting for the fly to fly into the web, and with directional antennas they can be more than 20 yards away too.
And once they got your CC number and identity there is no 'you' to deal with it any more since they are 'you' then and 'you' are nobody :)
Also when they chat using your network on some pakistani chat about blowing up the US consulate then you can spend a few years convincing the waterboard crew, for instance.
Or they can use your IP to send spam and then you'll find your IP is blacklisted worldwide and nobody accepts your mail or connections any more, quite an annoying thing in practise and it can take a while to find out what happened.
I just switched the settings on my router to AES thanks for the heads up.
I already had mine on AES... not that anyone wants to hack into my network, but a man's wireless is his castle!
I live in an apartment complex so I can never be too safe.
*Sigh* It's a good thing the average bandwidth leechers are in MUCH greater supply than the 1337 haxxors that do this crap. Chances are you won't get hacked as long as you have WEP, and even if you don't have encryption at all, there's still only a slight chance that someone is going to use it with malicious intent.
That said, I got WPA2 and 64 characters of safety, with some MAC changing thingy. It's like wearing a seat belt.
My neighbors are all old people. I don't think they own computers.
hmm, i will look into this for sure. makes internet access so much easier with my laptop since i don't have to limit myself to cracking WEP networks, which takes more than 10 minutes
Ha, I have that movie poster on my wall right next to me. Except that I folded it so only Angelina is showing lol
come to wapi then
I have WEP 64 bit :P
i'm not really worried about bad guys snooping around on my wireless, in fact i didn't have any encryption at all until i happened to notice some random person was connected to my wireless. I find all those paranoid encryption people really annoying, if they are "1337 hackers" who hack wireless connections as a hobby that doesn't mean other people nearby are too.
More terrible reporting on this story. Most of the details are already available in a paper.
If you think this has broken WPA, then WPA has been broken for almost a year.
This method is an optimisation of the Beck-Tews attack on WPA which had previously relied on the networks having IEEE 802.11e Quality of Service. The new attack has reduced the time to a best case time of about 1 minute. They use a man in the middle attack rather than relying on QoS.
They claim that they can recover 37% of encrypted ARP packets in best case of a minute. Yes, just ARP, where once the AP IP is known, there is only one byte left to recover.
Note that they do not claim that they can do this in "under a minute".
This attack does NOT recover the WPA-TKIP key, and thus you can't read all WPA-TKIP traffic freely and you can't authenticate with the network. You can just decrypt some ARP packets and falsify them.
Obviously this is not good and is another blow to WPA-TKIP. It will be broken like WEP soon enough. It just hasn't been broken yet.
I'll just keep enjoying my WPA2 setup then.
Of course if you have a 360 WiFi adaptor you are screwed, they still don't support WPA2.
best picture ever
And I claim I can fly, according to the Whizbang Komodo Bombe University in Pamplona, Spain.
My bike lock can be cracked in two seconds with the right tool, but I still use it. It still protects against most would-be thieves. It also makes the theft of my bike much more deliberate, premeditated, and prosecutable.
Are they cracking it or exhausting it?
if you consider "cracked" to mean the encryption is broken and the attacker now has access to your network this is not it. this method does not retrieve the key. what this does is allow the replacement of individual packets. basically this allows an attacker to send you false data that is properly encrypted to look legitimate. this can lead to man in the middle attacks if you happen to be spaced such that both you and the router can reach the attacking computer but not each other.
http://arstechnica.com/tech-policy/news/2009/08/one-minute-wifi-crack-puts-further-pressure-on-wpa.ars