A New Wi-Fi Exploit, Limited But Clever

Posted by kdawson on Saturday February 27, 2010 @07:32AM from the out-of-thin-air dept.

eggboard writes "Martin Beck, who in 2008 co-wrote a paper describing a way to inject packets into a secured Wi-Fi system, is back with a more extensive exploit. His 'Enhanced TKIP Michael Attacks' still don't allow extraction of a key, and are limited to TKIP (not AES-CCMP) WPA-protected networks. Still, he's figured out how to put in large payloads, and to extract data sent from an access point to a client — all without cracking the network key. The attack requires proximity to sniff and inject data, but it's another crack in the older key standard (TKIP) that no one with serious security interests should still be using." Here is Beck's paper (PDF) describing the new attacks.

3 of 77 comments (clear)

Min score:

Reason:

Sort:

Re:Just use SSL over L2TP over IPsec over WPA by Anonymous Coward · 2010-02-27 07:55 · Score: 5, Funny

Alice? Alice, is that you?

We were using SSL over L2TP over WPA over IPsec. Who else have you been seeing?

Bob
Re:Use a MAC address filter by Anonymous Coward · 2010-02-27 09:56 · Score: 2, Funny

Not broadcasting is even more dangerous, as someone can set up a network with the same ID that does broadcast, and potentially capture your traffic without your knowledge.
Really? I don't think anybody else would choose "Linksys" as an SSID, would they?
Re:Just use SSL over L2TP over IPsec over WPA by Anonymous Coward · 2010-02-27 10:15 · Score: 2, Funny

My services as a private investigator are available at a very reasonable price, should you wish them.
Eve