Wi-Fi WPA Encryption Protocol Cracked
We've always been warned to be vigilant about what information we provide when online. Between phishing, malware, and DNS spoofing it's difficult to blindly trust any online entity these days. But if we have a secure connection to a known site, we're okay then, right? Not always... Someone might still be listening in.
Just because you think your connection is secure, doesn't mean that it is. In fact, as we reported a few weeks ago, researchers have found a way to wirelessly listen in on your keyboard activity--sort of a passive, non-intrusive keylogger. Perhaps a bit more common is the act of listening in on wireless networking communications. Even such efforts as disabling router SSIDs and using MAC address filtering aren't foolproof--SSIDs can be sniffed and MAC addresses can be spoofed. That is where encryption was supposed to save the day; but the initial WEP algorithm proved to be too weak and could be easily cracked within minutes. Replacing WEP were the much more robust WPA and WPA2 encryption protocols. While not guaranteed to be absolutely secure (they are subject to brute-force dictionary attacks of guessing passkeys), they proved to be robust enough to withstand cracking attempts... Until now that is.
Apparently, a pair of researchers, Erik Tews and Martin Beck, will be speaking at next week's PacSec Conference in Tokyo about how they cracked the WPA protocol. Apparently they first found a way to get a WPA-enabled router to "send them large amounts of data." The large data pool gives them more encrypted communications to analyze. They claim that with their new technique, they were able to crack WPA's TKIP key in less than 15 minutes. As part of this technique requires receiving a substantial amount of data from a router, they have so far only been able to crack WPA by listening in on communications from the router, and not by listening in on communications from a connected client to a router. They claim, however, that "the attack could also be used to send bogus information to a client connected to the router."
While this is the first known, non-dictionary-based, crack of WPA, this could be just the tip of the iceberg now that the genie is out of the bottle. Once Tews and Beck make their presentation and eventually publish their findings, others may make further developments based on their work or find similar cracking methods. For the time being, WPA2 is still considered a secure encryption protocol... But for how long?
Just because you think your connection is secure, doesn't mean that it is. In fact, as we reported a few weeks ago, researchers have found a way to wirelessly listen in on your keyboard activity--sort of a passive, non-intrusive keylogger. Perhaps a bit more common is the act of listening in on wireless networking communications. Even such efforts as disabling router SSIDs and using MAC address filtering aren't foolproof--SSIDs can be sniffed and MAC addresses can be spoofed. That is where encryption was supposed to save the day; but the initial WEP algorithm proved to be too weak and could be easily cracked within minutes. Replacing WEP were the much more robust WPA and WPA2 encryption protocols. While not guaranteed to be absolutely secure (they are subject to brute-force dictionary attacks of guessing passkeys), they proved to be robust enough to withstand cracking attempts... Until now that is.
 |
| Credit: Microsoft |
While this is the first known, non-dictionary-based, crack of WPA, this could be just the tip of the iceberg now that the genie is out of the bottle. Once Tews and Beck make their presentation and eventually publish their findings, others may make further developments based on their work or find similar cracking methods. For the time being, WPA2 is still considered a secure encryption protocol... But for how long?
