Slashdot Mirror

← Back to Stories (view on slashdot.org)

WPA2 Wireless Security Crackable WIth "Relative Ease"

Posted by timothy on from the relatively-absolute dept.

An anonymous reader writes "Achilleas Tsitroulis of Brunel University, UK, Dimitris Lampoudis of the University of Macedonia, Greece and Emmanuel Tsekleves of Lancaster University, UK, have investigated the vulnerabilities in WPA2 and present its weakness. They say that this wireless security system might now be breached with relative ease [original, paywalled paper] by a malicious attack on a network. They suggest that it is now a matter of urgency that security experts and programmers work together to remove the vulnerabilities in WPA2 in order to bolster its security or to develop alternative protocols to keep our wireless networks safe from hackers and malware."

30 of 150 comments (clear)

  1. this is not news by Anonymous Coward · · Score: 5, Interesting

    This sounds like the classic de-auth, handshake capture, then brute force attack.

    It's still a bitch to crack without G.O. resources. Moxie has a service that will try for you...

    1. Re:this is not news by anubi · · Score: 5, Insightful

      I think of it as this way. We know our stuff is getting snooped and hacked into. Its high time EVERYBODY knows this stuff is NOT private.

      This forum, along with all the other times this has been discussed here on Slashdot, as well as other technical forums, provides evidence that may be one day very useful in a court of law if some copyright holder tries to prove an illegal download took place. If it took place through a wireless network, can it be proven who the recipient of the illegal download was?

      We can whine and complain all we want, but if business finds it cheaper to simply include hold harmless clauses in their terms than to provide a robust product, they will do so, but in doing so, they have also removed surety of proof of download for the high and mighty MAFIAA.

      The Copyright industry has spent millions of dollars to pamper Congressmen to pass law to make sure no-one can listen to a song unless terms of endearment are complied with... now they are finding out they just put a multimillion dollar lock on a cardboard door.

      We do not have the money it takes to pay for Congressmen. The copyright people seem to have unlimited money. Money to hire lots of lawyers and send lots of threat letters. Those letters will be ineffective as long as we have insecure systems and no-one can prove a thing. We may have a problem with insecure systems, and the MAFIAA has a hell of a problem.

      This kind of stuff gives everyone and his brother plausible deniability, which now means a total lack of accountability for online activity.

      --
      "Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]

    2. Re:this is not news by Neil+Boekend · · Score: 2

      A combination of dictionary words can be a strong password. This does require a large password field, but WPA 2 seems to support 64 characters so that's covered.
      A random set of dictionary words is easy to remember for a human and difficult to guess for a computer.
      We need to get away from insane password rules.
      1. A max length of below 32 characters is bullshit. Instead, set a minimum length of 16 characters and advise to use a few random words.
      2. Requiring non-alpahnumeric characters seems safe, but it moves the passwords away from words, thus it moves it to a less useful password style. Besides, the attacker knows this rule. So he'll try a dictionary attack with o's replaced with zeroes and stuff like that.
      3. ...
      4. Profit. Or at least less losses from theft.

      Face it. Most password rules do not create passwords that are easy to remember. They create passwords that are relatively easy to brute-force.

      --
      Well, I might have a way, but it only works on a semi spherical planet in a vacuum.
  2. Eh... by Anonymous Coward · · Score: 5, Insightful

    Reads article...

    Longer passwords make brute force cracking more difficult... Possible attack vector via the wireless de-authentication and re-authentication that WPA2 connections maintain for clients... With potential fast scanning and proper spoofing, an intruder could knife their way it...

    Why does this feel like nothing new?

  3. keep our wireless networks safe from hackers... by fustakrakich · · Score: 3, Insightful

    How do you keep something you never had?

    --
    “He’s not deformed, he’s just drunk!”
  4. Re:Expected by skids · · Score: 5, Informative

    Once quantum computing fully arrives, I guess encryption will be mostly moot.

    Bad guess

    --
    Someone had to do it.
  5. so? by the_Bionic_lemming · · Score: 4, Insightful

    Brute force attacks compromise simple passwords?

    This is news?

    --
    _ _ _ Go for the eyes Boo! GO FOR THE EYES!
  6. It's kind of silly to worry about by msobkow · · Score: 5, Insightful

    The only reason I encrypt my wifi connections is to prevent casual wanderers from connecting to my network and sucking up bandwidth. Any data that needs securing is encrypted by the computer, not by the modem/router.

    If I could get proper password protection without the encryption, I wouldn't bother encrypting the traffic. I could care less who snoops it -- so long as they're not sucking up bandwidth.

    --
    I do not fail; I succeed at finding out what does not work.
    1. Re:It's kind of silly to worry about by Anonymous Coward · · Score: 2, Insightful

      Uh, you're forgetting that a wifi connection is two way. If they can get onto your network, they're inside your hardware firewall. Better hope you have a good software firewall and/or that you don't have any exploitable services.

    2. Re:It's kind of silly to worry about by DarwinSurvivor · · Score: 2

      That still won't protect you from arp poisoning, DNS redirects (or direct forging), SSL Stripping, the list goes on.

    3. Re:It's kind of silly to worry about by Burz · · Score: 2

      That's why security is not a boolean. If you regard it as black-and-white, it'll drive you nuts.

      Be thankful you can at least whittle the trust issues down to things like switch vendors.

  7. Re:EAP? by skids · · Score: 4, Interesting

    Can't tell what exactly the paper is about due to a paywall and the fact that the article was written by someone not very techincal.

    EAP-TTLS, as long as you are validating the server certificate, is pretty safe. Safer with a locally managed CA and installed client cert, but at least as safe as the web browsing you'll be doing on it after connecting anyway. The safety advantage to WPA-Enterprise over WPA-PSK is mainly due to the fact that you don't have to distribute the same easily-cloned PSK to every client. In addition, if installing and validating client certificates (not the usual mode for EAP-TTLS) they can be locked to specific user accounts. For keeping out the riff-raff they can be locked to MAC addresses as well but that only serves to ban the amateurs.

    --
    Someone had to do it.
  8. Re:it's bad enough with regular passwords by Mashiki · · Score: 2

    You think that's bad? Wait until you run across the issue where your ISP doesn't even both to set up basic passwords on your wireless hub.

    --
    Om, nomnomnom...
  9. Re:MAC filtering and PSK by compro01 · · Score: 3, Insightful

    MAC filtering does nothing useful. You're shouting your MAC from the rooftops any time you're connected to the network, so cloning it is exercise in triviality for any attacker with an IQ greater than their hat size.

    --
    upon the advice of my lawyer, i have no sig at this time
  10. Re:Expected by ComputersKai · · Score: 3, Insightful
    Not when encryption methods that make use of quantum computing power come, like a permanently stalemated arms race.

    Just when you thought you've sharpened your spear to the finest, your opponent has fortified his shield to the fullest.

  11. Wireless Access Points = Hacker Access Points by millertym · · Score: 2

    If you are even the slightest bit concerned with the security of data on your network, isolate wireless completely from your secure data. In my very unscientific estimate it seems 90%+ of the usefulness of wireless is for just basic internet access for executive types anyhow who don't need to be checking production data.

  12. Re:Expected by AaronW · · Score: 2, Insightful

    Just use a one time pad. It's perfectly secure, even to quantum cryptography as long as the source is truly random. Creating a truly random number generator that takes advantage of quantum effects is not terribly difficult. Many modern CPUs now have this support built-in. The only weak point is how you get the one time pad to both locations and that it can only be used once. Even this is possible by having multiple pads sent via different methods and XORing them together at the destination. In order to crack it all copies would have to be intercepted and copied though additional security measures could be added to make even this difficult.

    --
    This post is encrypted twice with ROT-13. Documenting or attempting to crack this encryption is illegal.
  13. Re:MAC filtering and PSK by Concerned+Onlooker · · Score: 4, Funny

    Ooops. I'm going to have to get a smaller hat.

    --
    http://www.rootstrikers.org/
  14. Re:it's bad enough with regular passwords by fnj · · Score: 2

    Use a long passphrase. Might I suggest battery horse correct staple?

    You insensitive clod! You just blabbed my password. Now I'll have to change it to capacitor mule wrong nail.

    Oh wait ...

  15. Re:why crack my Wi-Fi by davidhoude · · Score: 2

    Because SSL on Open WiFi is fool proof....

    He was correct. While you are also correct, you failed to see the attack vector. If the network is not secure, your SSL may not be effective, at least not for all users.

  16. Re:EAP? by WaffleMonster · · Score: 4, Interesting

    I understand this is about recovering the PSK. This would mean that authentication using a certificate, such as EAP-TTLS is still safe. Correct?

    I would say in practice "enterprise" password authentication via TLS (PEAP-* and TTLS-*) is the least secure authentication method for the simple reason virtually no client is configured properly to validate both certificate and identity.

    The end result TLS is effectively subject to MITM attack for the overwhelming majority of clients...leaving squishy inner PEAP/TTLS authentication protocol (all completely worthless)

    In my view EAP-TLS with mutual certificate authentication is still the most secure authentication option available.

    Stanford's SRP protocol would be awesome to protect WPA passwords I believe it could be implemented with minimal changes to existing TLS stacks ... simply do TLS-SRP via EAP-TLS EAP method instead of the cert auth ... you get secure password authentication without the offline attack vector, or having to implement a new EAP method from scratch.

  17. Re:EAP? by WaffleMonster · · Score: 2

    You mean that clients do not check proper certificate signature by the CA?

    The main problem is not so much CA validation but lack of a global namespace.

    When I type https://www.securesite.com/ into my browser the only certificates my browser accepts are the ones explicitly for www.securesite.com... certs for www.someothersite.com don't work.

    With EAP authentication no such check is done automatically by default. To be secure the client must explicitly select a CA **AND** certificate identity (e.g. www.securesite.com) ... otherwise you might well be presented with a valid certificate.... yet you won't know if it is one legitimately assigned to an attacker. Attackers after all can buy SSL certs the same as you or I.

    In too many cases the extra work is simply asking too much of the user... some mobile clients are not even able to provide necessary configuration options to secure it.

  18. Re:Expected by Anonymous Coward · · Score: 4, Insightful

    One-time pad truly means one-time pad however. That means a new pad for every single transmission - that's why it becomes untenable.

    On the other hand, the way network encryption works is typically this:
    (1) Use asymmetric encryption once to securely deliver the remote computer the key to a symmetric algorithm.
    (2) Use the symmetric key for the remainder of the communication.

    It's possible that RSA is compromised, or that a G.O. has the means to cracking it via an unpublished mathematical discovery, but there are other asyms out there.

  19. Re:MAC filtering and PSK by koinu · · Score: 2

    MAC filtering even lowers security. Some lazy crackers might have not changed their MAC when they are attacking and it could be easier to identify them next time. When they are spoofing MACs they use your own MACs which they see on your network. You basically (could) lose information about the attackers. And this is bad.

  20. Re:Expected by SuricouRaven · · Score: 2

    I can imagine a VPN server with a rack of slots for those (Probably just read-only USB mass storage interface). Give one to the VPN, one to the person going on their trip or working at home. You'd need to send out a new key every now and again, but if a key is good for a couple of months (Doable) then it becomes quite reasonable.

  21. Encrypted Management Frames by Anonymous Coward · · Score: 2, Informative

    It's called 802.11w and introduces encryption on management frames (so de-auth attack is out), this problem is solved. It's up to vendors/developers to implement it.

  22. Re:why crack my Wi-Fi by SuricouRaven · · Score: 2

    SSL is designed to operate over insecure networks. That's the idea.

  23. Re:What has limited the attack number in WPA-PSK? by Anonymous Coward · · Score: 2, Informative

    Nobody knows what they did, because their paper is paywalled. From afar, it looks like the a compilation of standard attack methods. The WLAN standard uses unencrypted deauthentication packets, which enables an attacker to kick anyone from the network without knowing the network's encryption key. This can be used in a denial-of-service fashion, where the attacker continously deauths everyone, so that nobody can use the network. Or it can be used once on the victim: The victim will automatically reconnect to the network, which gives the attacker an opportunity to capture the handshake which includes the key negotiation. The attacker can then use this recording to perform an offline brute force attack to find the key. If the attacker guesses the key, he's in.

    Without using deauth, the attacker would just have to wait until the victim connects to the network on its own. That's not going to stop a determined attacker, i.e. one who attempts a brute force attack on WPA-PSK.

    Long story short: If that's it (I don't see any hint that it's not), then a sufficiently random pre-shared-key prevents a successful attack.

  24. Relative Ease compared to What? by craighansen · · Score: 3, Informative

    TFAbstract says that WPA2 can be cracked with brute force search, and that long passwords are more secure than short ones. Looking up the home pages of these internationally renowned researchers http://www.brunel.ac.uk/bbs/pe... http://issel.ee.auth.gr/people... http://www.research.lancs.ac.u... reveals that these three claim no other security-focused publications. But perhaps I'm too quick to judge. Somebody pay the man and read their paper. Or is this the two-step get-rich-quick scheme?: - (1) Publish Paywalled Article Exposing Security Holes in Commonly-Used Security Protocol (2) Profit! (PPAESHiCUSP-P)

  25. Re:Expected by AaronW · · Score: 2

    They're not designed for systems but for embedded devices like firewalls, VPNs, routers, NAS, etc. They're expensive and have some very nice engines in them as well, such as the gzip engine that's 100 times as fast as software implementations, hardware pattern matching (regex) engines and content addressable memory support for firewalls and anti-virus, RAID engines for NAS to do RAID 5/6 calculations in hardware, encryption and hashing instructions, not to mention built-in support for 10 and 40Gbps Ethernet with a lot of packet acceleration. The chip of course will run Linux (Debian) and applications that run directly on top of the cores without an OS underneath for bare metal performance. The single threaded performance is a fair bit lower than an X86 based system which is why there are so many cores running in parallel. There's also a lot of special support for synchronization between the cores and various atomic instructions that have been added.

    While it is fully compatible with standard 64-bit MIPS there are a lot of additional instructions since MIPS allows you to do that (ARM does not allow manufacturers to add custom instructions).

    --
    This post is encrypted twice with ROT-13. Documenting or attempting to crack this encryption is illegal.