Slashdot Mirror

← Back to Stories (view on slashdot.org)

WPA2 Wireless Security Crackable WIth "Relative Ease"

Posted by timothy on from the relatively-absolute dept.

An anonymous reader writes "Achilleas Tsitroulis of Brunel University, UK, Dimitris Lampoudis of the University of Macedonia, Greece and Emmanuel Tsekleves of Lancaster University, UK, have investigated the vulnerabilities in WPA2 and present its weakness. They say that this wireless security system might now be breached with relative ease [original, paywalled paper] by a malicious attack on a network. They suggest that it is now a matter of urgency that security experts and programmers work together to remove the vulnerabilities in WPA2 in order to bolster its security or to develop alternative protocols to keep our wireless networks safe from hackers and malware."

5 of 150 comments (clear)

  1. this is not news by Anonymous Coward · · Score: 5, Interesting

    This sounds like the classic de-auth, handshake capture, then brute force attack.

    It's still a bitch to crack without G.O. resources. Moxie has a service that will try for you...

    1. Re:this is not news by anubi · · Score: 5, Insightful

      I think of it as this way. We know our stuff is getting snooped and hacked into. Its high time EVERYBODY knows this stuff is NOT private.

      This forum, along with all the other times this has been discussed here on Slashdot, as well as other technical forums, provides evidence that may be one day very useful in a court of law if some copyright holder tries to prove an illegal download took place. If it took place through a wireless network, can it be proven who the recipient of the illegal download was?

      We can whine and complain all we want, but if business finds it cheaper to simply include hold harmless clauses in their terms than to provide a robust product, they will do so, but in doing so, they have also removed surety of proof of download for the high and mighty MAFIAA.

      The Copyright industry has spent millions of dollars to pamper Congressmen to pass law to make sure no-one can listen to a song unless terms of endearment are complied with... now they are finding out they just put a multimillion dollar lock on a cardboard door.

      We do not have the money it takes to pay for Congressmen. The copyright people seem to have unlimited money. Money to hire lots of lawyers and send lots of threat letters. Those letters will be ineffective as long as we have insecure systems and no-one can prove a thing. We may have a problem with insecure systems, and the MAFIAA has a hell of a problem.

      This kind of stuff gives everyone and his brother plausible deniability, which now means a total lack of accountability for online activity.

      --
      "Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]

  2. Eh... by Anonymous Coward · · Score: 5, Insightful

    Reads article...

    Longer passwords make brute force cracking more difficult... Possible attack vector via the wireless de-authentication and re-authentication that WPA2 connections maintain for clients... With potential fast scanning and proper spoofing, an intruder could knife their way it...

    Why does this feel like nothing new?

  3. Re:Expected by skids · · Score: 5, Informative

    Once quantum computing fully arrives, I guess encryption will be mostly moot.

    Bad guess

    --
    Someone had to do it.
  4. It's kind of silly to worry about by msobkow · · Score: 5, Insightful

    The only reason I encrypt my wifi connections is to prevent casual wanderers from connecting to my network and sucking up bandwidth. Any data that needs securing is encrypted by the computer, not by the modem/router.

    If I could get proper password protection without the encryption, I wouldn't bother encrypting the traffic. I could care less who snoops it -- so long as they're not sucking up bandwidth.

    --
    I do not fail; I succeed at finding out what does not work.