AfterDawn: Tech news
AfterDawn > News > Researchers find cracks in WPA wireless security

Researchers find cracks in WPA wireless security

Written by James Delahunty @ 09 Nov 2008 10:54 User comments (5)

Researchers find cracks in WPA wireless security Two researchers plan to provide details at next week's PacSec 2008 conference in Tokyo on how Wi-Fi Protected Access (WPA) is vulnerable to attack. Of course, this does not mean that WPA is as vulnerable to compromise in the same way that Wired-Equivalent Privacy (WEP) is, far from it in fact. The weakness in WPA is being reported by Martin Beck and Erik Tews, two graduate students in Germany. The attack could make it possible to compromise certain communications in less than 15 minutes.
The researchers found the weakness in the lesser of two WPA security protocol, Temporal Key Integrity Protocol (TKIP). Attackers can use the techniques to decrypt limited communications and can recover a special integrity checksum and send up to seven custom packets to clients on the network, according to SecurityFocus.

"The new attack on WPA is not a complete key recovery attack," Tews said in an email to SecurityFocus. "It just allows you to decrypt packets and inject packets with custom content. But there is only a single short-term key recovered during the attack."



More details of the attack:
http://www.securityfocus.com/news/11537

<Journey catalog track becomes first to 2 million downloads, legally >Sirius-XM channel merging to begin next week
Previous Next  

5 user comments

110.11.2008 16:22
Leningrad
Send private message to this user
Member

It wont be long before they crack LEAP and cisco will go whining.

210.11.2008 18:30
borhan9
Send private message to this user
AfterDawn Addict

So does this mean that it just basically goes against our internet quota?? Quite fasinating i will read on this has got me thinking.

310.11.2008 18:42
varnull
Inactive

They aren't telling you the full picture.. It's been possible to crack wpa-psk for ages.. You just need the time to sniff the communications for long enough and you well get the key req/ack pairing you need to spoof a valid network device.. It just takes waiting for a device wanting to connect.. say a laptop being booted while you are listening to the packets flying about... exactly the same way as with bluetooth.. except to actually get in the loop with that the handset needs to accept the connection... remember "press OK to accept incoming"?.. a router doesn't ask for that manual confirmation... get the reply string right and it is happy....and you just had both halves of that didn't you.. through your sniffer?

Again.. too much info.. shutting up now.

411.11.2008 02:02
onya
Inactive

Originally posted by Leningrad:
 It wont be long before they crack LEAP and cisco will go whining.


518.11.2008 09:21
hermes_vb
Send private message to this user
Senior Member

WPA is fine. The dangers of such a crack in the real world are minimum at best. If you are still worried about being hacked just use WPA2 with AES instead of TKIP.

Comments have been disabled for this article.

Latest news

VLC hits milestone: over 5 billion downloads VLC hits milestone: over 5 billion downloads (16 Mar 2024 4:31)
VLC Media Player, the versatile video-software powerhouse, has achieved a remarkable feat: it has been downloaded over 5 billion times.
1 user comment
Sideloading apps to Android gets easier, as Google settles its lawsuit Sideloading apps to Android gets easier, as Google settles its lawsuit (19 Dec 2023 11:09)
Google settled its lawsuit in September 2023, and one of the settlement terms was that the way applications are installed on Android from outside the Google Play Store must become simpler. In the future, installing APK files will be easier.
8 user comments
Roomba Combo j7+ review - Clever trick allows robot vacuum finally to tackle home with rugs and carpets Roomba Combo j7+ review - Clever trick allows robot vacuum finally to tackle home with rugs and carpets (06 Jun 2023 9:19)
Roomba Combo j7+ is the very first Roomba model to combine robot vacuum with mopping features. And Roomba Combo j7+ does all that with a very clever trick, which tackles the problem with mopping and carpets. But is it any good? We found out.
Neato, the robot vacuum company, ends its operations Neato, the robot vacuum company, ends its operations (02 May 2023 3:38)
Neato Robotics has ceased its operations. American robot vacuum pioneer founded in 2005 has finally called it quits and company will cease its operations and sales. Only a skeleton crew will remain who will keep the servers running until 2028.
5 user comments
How to Send Messages to Yourself on WhatsApp How to Send Messages to Yourself on WhatsApp (20 Mar 2023 1:25)
The world's most popular messaging platform, Meta-owned WhatsApp has enabled sending messages to yourself. While at first, this might seem like an odd feature, it can be very useful in a lot of situations. ....
18 user comments

Reviews

Roomba Combo j7+ review - Clever trick allows robot vacuum finally to tackle home with rugs and carpets Roomba Combo j7+ review - Clever trick allows robot vacuum finally to tackle home with rugs and carpets
Roomba Combo j7+ is the very first Roomba model to combine robot vacuum with mopping features. And Roomba Combo j7+ does all that with a very clever trick, which tackles the problem with mopping and carpets. But is it any good? We found out.
Review: Samsung Jet Bot 90 AI+ - a high-end robot vacuum cleaner Review: Samsung Jet Bot 90 AI+ - a high-end robot vacuum cleaner
Samsung's Jet Bot 90 AI+ is a top-class robot vacuum cleaner that can avoid obstacles and empty its own dust container. Here we review the product.
1 user comment
Samsung Jet Bot 80+ review - excellent robot vacuum cleaner Samsung Jet Bot 80+ review - excellent robot vacuum cleaner
We review Samsung's Jet Bot 80+ robot vacuum cleaner over a period of three months.
1 user comment

Guides

GUIDE: Wi-Fi speeds are slow? Here are some tips GUIDE: Wi-Fi speeds are slow? Here are some tips
Having problems with Wi-Fi speed and stability at home? Here are some tips to follow to alleviate the issues.
1 user comment
HOWTO: Install Netflix App on rooted Android device HOWTO: Install Netflix App on rooted Android device
'This app is no longer compatible with your device. Contact the developers for more info.' If you are getting this message from Google Play when trying to install Netflix, then maybe this little guide can help you.
HOWTO: Boot Android device into Safe Mode HOWTO: Boot Android device into Safe Mode
Are you having trouble with your Android device? If you find that your device has become sluggish, is freezing, takes too long to boot or any of a host of other performance concerns, you may want to boot into Safe Mode.
What happens if you don't update Android? What happens if you don't update Android?
Sometimes it can be tempting to avoid updating to a new Android version. What happens if you decide to delay major updates to the OS?
Guide: Phone battery drains quickly - how to fix (iPhone / Android) Guide: Phone battery drains quickly - how to fix (iPhone / Android)
In this guide, we go through the most typical reasons for rapid battery drain with phones, and look at potential reasons or solutions.

News archive

Sections:

Follow us:

© 1999-2024 AfterDawn Oy. All rights reserved
Back to Top ⇧
AfterDawn is powered by Powered by UpCloud