Researchers Crack WPA Wi-Fi Encryption

← Back to Stories (view on slashdot.org)

Researchers Crack WPA Wi-Fi Encryption

Posted by CmdrTaco on Thursday November 6, 2008 @03:50AM from the now-they'll-know-my-secrets dept.

narramissic writes "Researchers Erik Tews and Martin Beck 'have just opened the box on a whole new hacker playground, says Dragos Ruiu, organizer of the PacSec conference. At the conference, Tews will show how he was able to partially crack WPA encryption in order to read data being sent from a router to a laptop. To do this, Tews and Beck found a way to break the Temporal Key Integrity Protocol (TKIP) key, used by WPA, in a relatively short amount of time: 12 to 15 minutes. They have not, however, managed to crack the encryption keys used to secure data that goes from the PC to the router in this particular attack. 'Its just the starting point,' said Ruiu."

30 of 311 comments (clear)

Min score:

Reason:

Sort:

Ha ha ha ha by Anonymous Coward · 2008-11-06 03:54 · Score: 3, Funny

All your AP are belong to us.
You have no chance to survive make your time.
Hahaha! by u38cg · 2008-11-06 03:59 · Score: 5, Funny

I use WEP!

--
[FUCK BETA]
1. Re:Hahaha! by PotatoFarmer · 2008-11-06 04:08 · Score: 5, Funny
  
  We know. By the way, do you think you could talk your ISP into increasing your download bandwidth?
2. Re:Hahaha! by blhack · 2008-11-06 04:25 · Score: 2, Funny
  
  Yeah, and I run an open access point with the SSID hidden called "secret_awesome".
  I feel like its the least I can do to help any new geeks in the area :).
  
  --
  NewslilySocial News. No lolcats allowed.
3. Re:Hahaha! by Lisandro · 2008-11-06 04:38 · Score: 2, Funny
  
  So you are the one slowing down my torrents...
4. Re:Hahaha! by russotto · 2008-11-06 04:38 · Score: 4, Funny
  
  Yeah, and I run an open access point with the SSID hidden called "secret_awesome".
  I run one called "man_in_the_middle". Best pay attention to those certificate warnings when you're using it.
5. Re:Hahaha! by tkdtaylor · 2008-11-06 06:57 · Score: 2, Funny
  
  I call mine "HoneyPot"
6. Re:Hahaha! by layer3switch · 2008-11-06 12:26 · Score: 2, Funny
  
  No, that would be me, Comcast.
  
  --
  "Don't let fools fool you. They are the clever ones."
Re:Meh by von_rick · 2008-11-06 04:45 · Score: 2, Funny

Of course you can.
If you want to take it to its logical conclusion, you can make that person hand you all his passwords and personal information if you storm into his house swinging a baseball bat or a samurai sword. I have seen some hollywood movies where the the president hands over the codes to national treasury to criminal masterminds who threaten to detonate nuclear bombs in metropolitan areas during some ceremonial parade -- that is until the retarded hero (usually Bruce Willis) shows up.

--
Face your daemons!
Re:OHNOES! by Coraon · 2008-11-06 04:45 · Score: 4, Funny

I know I just got root access...BTW could you put in some bread? I'm trying to install pop-up's.

--
-Ours is the wisdom of Solomon, the magic of Merlyn, the fall of Icaris.
Re:I use ROT13 by ale_ryu · 2008-11-06 04:50 · Score: 2, Funny

Meh, that's nothing, I use DOUBLE ROT13. Learn 2 secure your data you n00b!

--
Check out my blog!
Re:Who uses TKIP instead of AES? by Anonymous Coward · 2008-11-06 04:53 · Score: 1, Funny

I herd you liek TKIPs
Re:WPA2 is NOT broken by sexconker · 2008-11-06 04:56 · Score: 4, Funny

Nerds like to sit.
You can sniff packets while sitting just about anywhere. In your kitchen. In your car. On the crapper.
To tap a line, you usually have to get up, and you often have to use some archaic toolset like Screw.Driver or Flash.Light that you haven't supported since 3 forks ago.
Re:WPA2 is NOT broken by MasterNetHead · 2008-11-06 05:20 · Score: 3, Funny

Its funny... my neighbors are probably thinking the same thing.
Re:Meh by monkeySauce · 2008-11-06 05:32 · Score: 4, Funny

Bah... cat5 is already broken, and cat5e is next.
Got to think cat6 at least, if not cat7. They're much thicker; harder to break.
Re:Secure Wi-Fi by Anonymous Coward · 2008-11-06 05:39 · Score: 2, Funny

My security is a lot simpler and more effective: one of my neighbors has an open WAP with "linksys" for an ssid.
Don't worry, I changed the default admin password for them.
Re:Meh by Otto · 2008-11-06 06:05 · Score: 3, Funny

You can even do it without physical access on cheap routers and/or modems, by pointing a good digital camera and a telescope at the blinkenlights on the front of them. :D

--
- Give a man a fire and he's warm for a day, but set him on fire and he's warm for the rest of his life.
Re:'Story' tag by athakur999 · 2008-11-06 06:06 · Score: 4, Funny

They should tagged it "tagged" if it is tagged and "!tagged" if it's not tagged.

--
"People that quote themselves in their signatures bother me" - athakur999
Re:Meh by Endo13 · 2008-11-06 06:19 · Score: 4, Funny

Apparently you just haven't watched enough movies. Obtaining physical access IS trivial. All you need is a hot chick to go swipe the security guard's badge that he conveniently left lying on his desk, and you're guaranteed access anywhere in the building.

--
There is no -1 Disagree mod. Slashdot.org/faq defines mod options. USE IT.
Re:Meh by Endo13 · 2008-11-06 06:24 · Score: 4, Funny

Well duh, of course it's trivial. They're always swooning over you. (Well, except when they're pretending to fight with you, but even then they always come around just in time.) Haven't you learned anything from Hollywood??

--
There is no -1 Disagree mod. Slashdot.org/faq defines mod options. USE IT.
Re:Who uses TKIP instead of AES? by psydeshow · 2008-11-06 06:27 · Score: 2, Funny

Look, obviously TKIP is more secure, becuase it has more letters.
You geek types are always saying I should use a longer password, right? This is the same thing.
And anyway, they wouldn't make it an option if it wasn't secure.
Re:Meh by fataugie · 2008-11-06 06:43 · Score: 5, Funny

Yeah, except smarts and hotness are inversly proportianal in most cases.
What good is getting access when the bubblehead can't figure out what a wiring closet looks like.

--

WTF? Over?
Re:Who uses TKIP instead of AES? by fataugie · 2008-11-06 06:47 · Score: 4, Funny

What's also funny is that my router gives me better throughput with WPA/AES than WEP
That's because your router is laughing at you using WEP in between encrypting/decrypting the packets....that's why it takes longer.

--

WTF? Over?
Cracked and Mad by Anonymous Coward · 2008-11-06 07:00 · Score: 1, Funny

If WPA is Cracked then is WPA2 Mad?
Re:Meh by RiotingPacifist · 2008-11-06 07:06 · Score: 3, Funny

hey its "yes, you can08" to meet the new stricter password requirements

--
IranAir Flight 655 never forget!
Obviously by spazdor · 2008-11-06 07:11 · Score: 3, Funny

over 9000.

--
DRM: Terminator crops for your mind!
Re:Meh by Killer+Orca · 2008-11-06 07:38 · Score: 2, Funny

Or I could just whip out my Mr. Fusion.
Is that what the kids are calling it nowadays?
Re:'Story' tag by arelas · 2008-11-06 07:57 · Score: 2, Funny

A hole even!
Re:Meh by Logic+and+Reason · 2008-11-06 10:31 · Score: 4, Funny

smarts and hotness are inversly proportianal
Wow, you must be really hot...
Re:Who uses TKIP instead of AES? by g-san · 2008-11-06 11:03 · Score: 2, Funny

LOL! Is there a patch for that? He probably just needs to pull the UDP plug out the bottom and let all the dropped packets drain out. Where do you think they go when they are "dropped?" Dropped packet buildup has killed more routers than I can count.