Mobile/PDA About Us Advertise here


		User name	Password

		Not registered yet? Register here. Lost your password? Click here.

Browse by topic

News

Researchers find cracks in WPA wireless security

9 November 2008 22:54 by James "Dela" Delahunty | 5 comments

Two researchers plan to provide details at next week's PacSec 2008 conference in Tokyo on how Wi-Fi Protected Access (WPA) is vulnerable to attack. Of course, this does not mean that WPA is as vulnerable to compromise in the same way that Wired-Equivalent Privacy (WEP) is, far from it in fact. The weakness in WPA is being reported by Martin Beck and Erik Tews, two graduate students in Germany. The attack could make it possible to compromise certain communications in less than 15 minutes.

The researchers found the weakness in the lesser of two WPA security protocol, Temporal Key Integrity Protocol (TKIP). Attackers can use the techniques to decrypt limited communications and can recover a special integrity checksum and send up to seven custom packets to clients on the network, according to SecurityFocus.

"The new attack on WPA is not a complete key recovery attack," Tews said in an email to SecurityFocus. "It just allows you to decrypt packets and inject packets with custom content. But there is only a single short-term key recovered during the attack."

More details of the attack:
http://www.securityfocus.com/news/11537

Permalink to this article

Free Wi-Fi at McDonald's for Zune users (17 September 2008)

« Previous news article
Journey catalog track becomes first to 2 million downloads, legally

Next news article »
Sirius-XM channel merging to begin next week

Post your comment

Discuss this article!
Leningrad (Member) 10 November 2008 16:22
It wont be long before they crack LEAP and cisco will go whining. [ + quote]
borhan9 (AfterDawn Addict) 10 November 2008 18:30
So does this mean that it just basically goes against our internet quota?? Quite fasinating i will read on this has got me thinking. [ + quote]
varnull (Inactive) 10 November 2008 18:42
They aren't telling you the full picture.. It's been possible to crack wpa-psk for ages.. You just need the time to sniff the communications for long enough and you well get the key req/ack pairing you need to spoof a valid network device.. It just takes waiting for a device wanting to connect.. say a laptop being booted while you are listening to the packets flying about... exactly the same way as with bluetooth.. except to actually get in the loop with that the handset needs to accept the connection... remember "press OK to accept incoming"?.. a router doesn't ask for that manual confirmation... get the reply string right and it is happy....and you just had both halves of that didn't you.. through your sniffer? Again.. too much info.. shutting up now. Free open source software = made by end users who want an application to work. The flower of carnage-shura no hana.. [ + quote]
onya (Inactive) 11 November 2008 2:02
*Originally posted by Leningrad:* It wont be long before they crack LEAP and cisco will go whining. [ + quote]
hermes_vb (Senior Member) 18 November 2008 9:21
WPA is fine. The dangers of such a crack in the real world are minimum at best. If you are still worried about being hacked just use WPA2 with AES instead of TKIP. [ + quote]