Slashdot Mirror

← Back to Stories (view on slashdot.org)

Researchers Crack WPA Wi-Fi Encryption

Posted by CmdrTaco on from the now-they'll-know-my-secrets dept.

narramissic writes "Researchers Erik Tews and Martin Beck 'have just opened the box on a whole new hacker playground, says Dragos Ruiu, organizer of the PacSec conference. At the conference, Tews will show how he was able to partially crack WPA encryption in order to read data being sent from a router to a laptop. To do this, Tews and Beck found a way to break the Temporal Key Integrity Protocol (TKIP) key, used by WPA, in a relatively short amount of time: 12 to 15 minutes. They have not, however, managed to crack the encryption keys used to secure data that goes from the PC to the router in this particular attack. 'Its just the starting point,' said Ruiu."

14 of 311 comments (clear)

  1. Meh by Anonymous Coward · · Score: 5, Interesting

    Cat5

  2. 'Story' tag by Anonymous Coward · · Score: 2, Interesting

    What's up with the 'story' tag? Perhaps we should also tag this 'words'?

  3. Who uses TKIP instead of AES? by LibertineR · · Score: 5, Interesting

    Is AES not the more secure of the two? From everything I have read, AES is the preffered option over TKIP.

    1. Re:Who uses TKIP instead of AES? by prayag · · Score: 2, Interesting

      I have a lot of problem connecting my XP box with AES encryption. If I use 3rd party, may be I could've but I changed my encryption to TKIP and it worked fine.

      So... There you go !!!

  4. It's a ploy! by dmomo · · Score: 3, Interesting

    OMG! We need routers w/ better encryption. Buy router company and encryption company stocks! Everyone run out to Best Buy and get a new router.

    Or, it just might be a real problem. /crumples tinfoil hat and pouts.

  5. Well duh... by Zakabog · · Score: 3, Interesting

    Does anyone seriously treat any wireless transmission as if it was secure? If anyone who cares to listen can easily pick up everything being sent from your computer it's only a matter of time and CPU power before they can read it.

    Yes I know, the article mentions they actually found a more efficient method of cracking WPA than a simple brute force attack, and that is a flaw in WPA not wireless security. Although while they may come up with new encryption methods I still don't trust wireless for much more than browsing slashdot or searching google. If I need to do anything that involves sensitive information like ordering something online I can wait to go to a wired desktop.

    1. Re:Well duh... by hairyfeet · · Score: 2, Interesting

      You'd be surprised how many times I've walked around the corner to the local cafe to get me a nice coffee and see folks doing their banking,using their CC,etc on the cafe free wifi. Hell I wouldn't even have to do packet sniffing on those that sit towards the center,as either of the two table nooks by the door allow me to see the screen and keyboard of anybody at the lower center tables quite easily. I think it is pretty obvious that folks don't have a clue when it comes to security in public.

      --
      ACs don't waste your time replying, your posts are never seen by me.
  6. 'Its just the starting point,' by Keramos · · Score: 4, Interesting

    So, the headlines blare "WPA is cracked!!!!", but the researchers themselves say they haven't cracked the keys used to encrypt the data and all they have is a "starting point".

    So, how is WPA cracked and useless, again??

    I suppose maybe we'll see at the PacSec conference.

  7. why not RSA? by Lord+Bitman · · Score: 3, Interesting

    As a serious question, the ignorant wanting to be enlightened: Why don't wireless access points just use some well-known and tested public key encryption? What problem is being solved by WEP/WPA/etc which simply broadcasting (or for the paranoid: copying over with a USB key) a regular old public key wouldn't cover?

    --
    -- 'The' Lord and Master Bitman On High, Master Of All
  8. Re:Is it just me... by digitalchinky · · Score: 2, Interesting

    You bend fiber just right and you can sense and demodulate the data stream. Unfortunately the act of doing this can also be detected since it causes signal degradation. This doesn't imply that detection is always going to happen though.

  9. Comment removed by account_deleted · · Score: 3, Interesting

    Comment removed based on user account deletion

  10. Re:WPA2 is NOT broken by maztuhblastah · · Score: 4, Interesting

    Joe the Pedo cares a lot about getting free untraceable internet access.

    Oh no you don't. If the politicians don't get to use the "think of children" excuse to justify increased surveillance, shredding the Constitution, and guilty-until-proven-innocent, then we don't get to use it as an explanation for our security decisions. Let's not have a double standard here; one standard will do just fine.

    --
    The real litigious bastards...
  11. CAT5 in Australia by labnet · · Score: 2, Interesting

    And if you live in Australia it is *ILLEGAL* for you to run your own cat5 in dry wall. You need to have a special licence that not even electricians have.
    Welcome to the REAL nanny country!

    --
    46137
  12. Re:WPA2 is NOT broken by smellsofbikes · · Score: 2, Interesting

    The walls between *rooms* are made of *brick*?
    Wow.
    Renovation must be a bitch. A couple years ago, it took me about three hours to move a closet from *this* room to *that* room, with wooden walls, coz I could just rip off some sheetrock, cut out two studs, put in a header, put in two studs in the old doorway, and put up new drywall.
    It's also my (rather picky, admittedly) habit that when I walk into a room and try and turn on the lightswitch in the wrong place, well, it's not the wrong place, then is it? so I move the switch. Which, again, takes about an hour and a half, and then it's where I wanted it to be in the first place. When I move a computer from over *here* to over *there*, I move the power outlet (because I run a separate circuit for the computers, through a UPS) and the Cat5 outlet. I can't even imagine trying to deal with that with brick walls.

    --
    Nostalgia's not what it used to be.