Slashdot Mirror


WPA2 Wireless Security Crackable With "Relative Ease"

An anonymous reader writes "Achilleas Tsitroulis of Brunel University, UK, Dimitris Lampoudis of the University of Macedonia, Greece and Emmanuel Tsekleves of Lancaster University, UK, have investigated the vulnerabilities in WPA2 and present its weakness. They say that this wireless security system might now be breached with relative ease [original, paywalled paper] by a malicious attack on a network. They suggest that it is now a matter of urgency that security experts and programmers work together to remove the vulnerabilities in WPA2 in order to bolster its security or to develop alternative protocols to keep our wireless networks safe from hackers and malware."

14 of 150 comments

  1. this is not news by Anonymous Coward · · Score: 5, Interesting

    This sounds like the classic de-auth, handshake capture, then brute force attack.

    It's still a bitch to crack without G.O. resources. Moxie has a service that will try for you...

    1. Re:this is not news by anubi · · Score: 5, Insightful

      I think of it this way. We know our stuff is getting snooped and hacked into. It's high time EVERYBODY knows this stuff is NOT private.

      This forum, along with all the other times this has been discussed here on Slashdot, as well as other technical forums, provides evidence that may be one day very useful in a court of law if some copyright holder tries to prove an illegal download took place. If it took place through a wireless network, can it be proven who the recipient of the illegal download was?

      We can whine and complain all we want, but if business finds it cheaper to simply include hold harmless clauses in their terms than to provide a robust product, they will do so, but in doing so, they have also removed surety of proof of download for the high and mighty MAFIAA.

      The Copyright industry has spent millions of dollars to pamper Congressmen to pass law to make sure no-one can listen to a song unless terms of endearment are complied with... now they are finding out they just put a multimillion dollar lock on a cardboard door.

      We do not have the money it takes to pay for Congressmen. The copyright people seem to have unlimited money. Money to hire lots of lawyers and send lots of threat letters. Those letters will be ineffective as long as we have insecure systems and no-one can prove a thing. We may have a problem with insecure systems, and the MAFIAA has a hell of a problem.

      This kind of stuff gives everyone and his brother plausible deniability, which now means a total lack of accountability for online activity.

      --
      "Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]

  2. Eh... by Anonymous Coward · · Score: 5, Insightful

    Reads article...

    Longer passwords make brute force cracking more difficult... Possible attack vector via the wireless de-authentication and re-authentication that WPA2 connections maintain for clients... With potential fast scanning and proper spoofing, an intruder could knife their way in...

    Why does this feel like nothing new?
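The one defensive lever the commenter points at, passphrase length, can be checked against how WPA2-Personal actually derives its key. This is an added example, not code from the article or the paper: the "password"/"IEEE" pair is the IEEE 802.11i Annex H test vector, while the other inputs and the guess rate are constructed assumptions.

```python
import hashlib
import math

# Constructed inputs (not from the article). The first pair is the IEEE 802.11i
# Annex H test vector; the second is just an illustrative long passphrase.
SAMPLES = [("password", "IEEE"), ("correct horse battery staple", "HomeNet")]


def wpa2_pmk(passphrase: str, ssid: str) -> bytes:
    """Derive the 256-bit PMK the way WPA2-Personal does: PBKDF2-HMAC-SHA1 with
    the SSID as salt and a fixed 4096 iterations. The iteration count is set by
    the standard, so the passphrase is the only cost factor the owner controls."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, dklen=32)


def keyspace_bits(length: int, alphabet_size: int) -> float:
    """Bits of entropy in an exhaustive search over passphrases of this length
    drawn uniformly from an alphabet (26 lowercase letters, 62 alphanumerics, ...)."""
    return length * math.log2(alphabet_size)


def expected_years(bits: float, guesses_per_second: float) -> float:
    """Expected years to find the passphrase by exhausting half the keyspace at an
    assumed guess rate (a hypothetical planning figure, not a measured one)."""
    return 2 ** (bits - 1) / guesses_per_second / (365.25 * 24 * 3600)


def policy_comparison(guesses_per_second: float = 1e6) -> dict:
    """Compare two passphrase policies under the same assumed guess rate."""
    return {
        "8 lowercase": expected_years(keyspace_bits(8, 26), guesses_per_second),
        "20 alphanumeric": expected_years(keyspace_bits(20, 62), guesses_per_second),
    }


if __name__ == "__main__":
    for passphrase, ssid in SAMPLES:
        print(ssid, wpa2_pmk(passphrase, ssid).hex())
    for policy, years in policy_comparison().items():
        print(f"{policy}: {years:.3g} years")
```

Because the PBKDF2 work factor is fixed by the standard, the two policies differ by the keyspace alone, which is why the comparison spans many orders of magnitude.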

  3. keep our wireless networks safe from hackers... by fustakrakich · · Score: 3, Insightful

    How do you keep something you never had?

    --
    “He’s not deformed, he’s just drunk!”

  4. Re:Expected by skids · · Score: 5, Informative

    Once quantum computing fully arrives, I guess encryption will be mostly moot.

    Bad guess

  5. so? by the_Bionic_lemming · · Score: 4, Insightful

    Brute force attacks compromise simple passwords?

    This is news?

    --
    _ _ _ Go for the eyes Boo! GO FOR THE EYES!

  6. It's kind of silly to worry about by msobkow · · Score: 5, Insightful

    The only reason I encrypt my wifi connections is to prevent casual wanderers from connecting to my network and sucking up bandwidth. Any data that needs securing is encrypted by the computer, not by the modem/router.

    If I could get proper password protection without the encryption, I wouldn't bother encrypting the traffic. I could care less who snoops it -- so long as they're not sucking up bandwidth.

    --
    I do not fail; I succeed at finding out what does not work.

  7. Re:EAP? by skids · · Score: 4, Interesting

    Can't tell what exactly the paper is about due to a paywall and the fact that the article was written by someone not very technical.

    EAP-TTLS, as long as you are validating the server certificate, is pretty safe. Safer with a locally managed CA and installed client cert, but at least as safe as the web browsing you'll be doing on it after connecting anyway. The safety advantage to WPA-Enterprise over WPA-PSK is mainly due to the fact that you don't have to distribute the same easily-cloned PSK to every client. In addition, if installing and validating client certificates (not the usual mode for EAP-TTLS) they can be locked to specific user accounts. For keeping out the riff-raff they can be locked to MAC addresses as well but that only serves to ban the amateurs.

  8. Re:MAC filtering and PSK by compro01 · · Score: 3, Insightful

    MAC filtering does nothing useful. You're shouting your MAC from the rooftops any time you're connected to the network, so cloning it is an exercise in triviality for any attacker with an IQ greater than their hat size.

    --
    upon the advice of my lawyer, i have no sig at this time

  9. Re:Expected by ComputersKai · · Score: 3, Insightful

    Not when encryption methods that make use of quantum computing power come, like a permanently stalemated arms race.

    Just when you thought you've sharpened your spear to the finest, your opponent has fortified his shield to the fullest.

  10. Re:MAC filtering and PSK by Concerned+Onlooker · · Score: 4, Funny

    Ooops. I'm going to have to get a smaller hat.

    --
    http://www.rootstrikers.org/

  11. Re:EAP? by WaffleMonster · · Score: 4, Interesting

    I understand this is about recovering the PSK. This would mean that authentication using a certificate, such as EAP-TTLS is still safe. Correct?

    I would say in practice "enterprise" password authentication via TLS (PEAP-* and TTLS-*) is the least secure authentication method for the simple reason virtually no client is configured properly to validate both certificate and identity.

    The end result is that TLS is effectively subject to MITM attack for the overwhelming majority of clients... leaving the squishy inner PEAP/TTLS authentication protocol (all completely worthless).

    In my view EAP-TLS with mutual certificate authentication is still the most secure authentication option available.

    Stanford's SRP protocol would be awesome to protect WPA passwords. I believe it could be implemented with minimal changes to existing TLS stacks ... simply do TLS-SRP via the EAP-TLS EAP method instead of the cert auth ... you get secure password authentication without the offline attack vector, or having to implement a new EAP method from scratch.
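
The failure mode skids (comment 7) and WaffleMonster (comment 11) both describe, a tunneled-EAP client that neither pins the CA nor checks the server name, is visible in the client's own configuration. This is an added example, not from the article or from wpa_supplicant itself: a small audit of wpa_supplicant.conf network blocks using that tool's real option names (ca_cert, domain_suffix_match, domain_match, altsubject_match, subject_match); the config excerpt is constructed.

```python
import re

# Constructed wpa_supplicant.conf excerpt (not from the article). The first
# network accepts any RADIUS certificate; the second pins the CA and the name.
SAMPLE_CONF = '''
network={
    ssid="CampusWiFi"
    key_mgmt=WPA-EAP
    eap=PEAP
    identity="alice"
    password="hunter2"
    phase2="auth=MSCHAPV2"
}
network={
    ssid="CorpWiFi"
    key_mgmt=WPA-EAP
    eap=TTLS
    identity="alice"
    password="hunter2"
    ca_cert="/etc/ssl/certs/corp-ca.pem"
    domain_suffix_match="radius.corp.example"
    phase2="autheap=MSCHAPV2"
}
network={
    ssid="HomeNet"
    key_mgmt=WPA-PSK
    psk="correct horse battery staple"
}
'''

TUNNELED_EAP = {"PEAP", "TTLS"}  # password travels inside the TLS tunnel
NAME_CHECKS = ("domain_suffix_match", "domain_match", "altsubject_match", "subject_match")


def parse_networks(conf: str) -> list:
    """Split the config into network={...} blocks; each becomes a dict of option -> value."""
    nets = []
    for body in re.findall(r"network=\{(.*?)\}", conf, re.S):
        entry = {}
        for line in body.splitlines():
            line = line.strip()
            if not line or line.startswith("#") or "=" not in line:
                continue
            key, value = line.split("=", 1)
            entry[key.strip()] = value.strip().strip('"')
        nets.append(entry)
    return nets


def audit(conf: str) -> dict:
    """Return {ssid: [findings]} for tunneled-EAP networks that would hand the inner
    credential to a spoofed server: no CA pinned, or CA pinned but no name check."""
    findings = {}
    for net in parse_networks(conf):
        if net.get("key_mgmt") != "WPA-EAP" or net.get("eap") not in TUNNELED_EAP:
            continue
        problems = []
        if "ca_cert" not in net:
            problems.append("no ca_cert: any server certificate is accepted")
        if not any(k in net for k in NAME_CHECKS):
            problems.append("no server name check: any cert from the trusted CA is accepted")
        if problems:
            findings[net["ssid"]] = problems
    return findings
```

Run on the sample, only CampusWiFi is reported, with both findings; CorpWiFi passes and the PSK network is out of scope.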

  12. Re:Expected by Anonymous Coward · · Score: 4, Insightful

    One-time pad truly means one-time pad however. That means a new pad for every single transmission - that's why it becomes untenable.

    On the other hand, the way network encryption works is typically this:
    (1) Use asymmetric encryption once to securely deliver the remote computer the key to a symmetric algorithm.
    (2) Use the symmetric key for the remainder of the communication.

    It's possible that RSA is compromised, or that a G.O. has the means to crack it via an unpublished mathematical discovery, but there are other asyms out there.

  13. Relative Ease compared to What? by craighansen · · Score: 3, Informative

    TFAbstract says that WPA2 can be cracked with brute force search, and that long passwords are more secure than short ones. Looking up the home pages of these internationally renowned researchers http://www.brunel.ac.uk/bbs/pe... http://issel.ee.auth.gr/people... http://www.research.lancs.ac.u... reveals that these three claim no other security-focused publications. But perhaps I'm too quick to judge. Somebody pay the man and read their paper. Or is this the two-step get-rich-quick scheme? (1) Publish Paywalled Article Exposing Security Holes in Commonly-Used Security Protocol (2) Profit! (PPAESHiCUSP-P)