A New Wi-Fi Exploit, Limited But Clever

eggboard writes "Martin Beck, who in 2008 co-wrote a paper describing a way to inject packets into a secured Wi-Fi system, is back with a more extensive exploit. His 'Enhanced TKIP Michael Attacks' still don't allow extraction of a key, and are limited to TKIP (not AES-CCMP) WPA-protected networks. Still, he's figured out how to put in large payloads, and to extract data sent from an access point to a client — all without cracking the network key. The attack requires proximity to sniff and inject data, but it's another crack in the older key standard (TKIP) that no one with serious security interests should still be using." Here is Beck's paper (PDF) describing the new attacks.

Re:Just use SSL over L2TP over IPsec over WPA

Alice? Alice, is that you?

We were using SSL over L2TP over WPA over IPsec. Who else have you been seeing?

Bob

Re:Use a MAC address filter

[Bert64]

Hiding your SSID can actually be detrimental...
If your SSID is open, then your machine can see its broadcasts and connect to it... If the SSID is hidden, then your machine has to probe for it by name.. Meaning that if your machine is away from its usual location, you can see what network its looking for...

If the SSID is hidden, then someone trying to break into it just needs to sniff traffic for a while to get the SSID anyway.

Re:Use a MAC address filter

[DMUTPeregrine]

When the MAC filter fails, you still have the other. If WPA2 fails, you have nothing, because the MAC filter is effectively worthless.