AfterDawn: Tech news
AfterDawn > News > Researchers find cracks in WPA wireless security

Researchers find cracks in WPA wireless security

Written by James Delahunty @ 09 Nov 2008 10:54 User comments (5)

Researchers find cracks in WPA wireless security Two researchers plan to provide details at next week's PacSec 2008 conference in Tokyo on how Wi-Fi Protected Access (WPA) is vulnerable to attack. Of course, this does not mean that WPA is as vulnerable to compromise in the same way that Wired-Equivalent Privacy (WEP) is, far from it in fact. The weakness in WPA is being reported by Martin Beck and Erik Tews, two graduate students in Germany. The attack could make it possible to compromise certain communications in less than 15 minutes.
The researchers found the weakness in the lesser of two WPA security protocol, Temporal Key Integrity Protocol (TKIP). Attackers can use the techniques to decrypt limited communications and can recover a special integrity checksum and send up to seven custom packets to clients on the network, according to SecurityFocus.

"The new attack on WPA is not a complete key recovery attack," Tews said in an email to SecurityFocus. "It just allows you to decrypt packets and inject packets with custom content. But there is only a single short-term key recovered during the attack."



More details of the attack:
http://www.securityfocus.com/news/11537

<Journey catalog track becomes first to 2 million downloads, legally >Sirius-XM channel merging to begin next week
Previous Next  

5 user comments

110.11.2008 16:22
Leningrad
Send private message to this user
Member

It wont be long before they crack LEAP and cisco will go whining.

210.11.2008 18:30
borhan9
Send private message to this user
AfterDawn Addict

So does this mean that it just basically goes against our internet quota?? Quite fasinating i will read on this has got me thinking.

310.11.2008 18:42
varnull
Inactive

They aren't telling you the full picture.. It's been possible to crack wpa-psk for ages.. You just need the time to sniff the communications for long enough and you well get the key req/ack pairing you need to spoof a valid network device.. It just takes waiting for a device wanting to connect.. say a laptop being booted while you are listening to the packets flying about... exactly the same way as with bluetooth.. except to actually get in the loop with that the handset needs to accept the connection... remember "press OK to accept incoming"?.. a router doesn't ask for that manual confirmation... get the reply string right and it is happy....and you just had both halves of that didn't you.. through your sniffer?

Again.. too much info.. shutting up now.

411.11.2008 02:02
onya
Inactive

Originally posted by Leningrad:
 It wont be long before they crack LEAP and cisco will go whining.


518.11.2008 09:21
hermes_vb
Send private message to this user
Senior Member

WPA is fine. The dangers of such a crack in the real world are minimum at best. If you are still worried about being hacked just use WPA2 with AES instead of TKIP.

Comments have been disabled for this article.

Latest news

Netflix buys HBO and Warner Bros studios Netflix buys HBO and Warner Bros studios (05 Dec 2025 8:04)
Netflix has won the bidding competition for media giant Warner Bros and will acquire HBO as well as the Warner Bros film studios.
Massive Android 0-day vulnerability found - here's what you should do immediately Massive Android 0-day vulnerability found - here's what you should do immediately (08 Nov 2025 5:35)
A very serious security flaw has been found in the Android operating system, allowing malicious code to be executed on a phone or tablet.
Review: Roborock Saros Z70 - robot vacuum with an arm Review: Roborock Saros Z70 - robot vacuum with an arm (20 Oct 2025 6:13)
In out in-depth review of Roborock Saros Z70 we put the robot vacuum through a 3 month test period, where we observed its work in normal home. The sci-fi -like arm of Z70 was a little bit disappointing, due its limited functionality.
End of an era: TiVo stops making DVRs End of an era: TiVo stops making DVRs (14 Oct 2025 4:12)
TiVo, once synonumous with digital TV recording in the United States and in select other countries, has stopped making DVR devices as of October, 2025.
Strava takes Garmin to court Strava takes Garmin to court (02 Oct 2025 2:30)
The world's perhaps best-known sports app developer Strava has filed a lawsuit against American sports watch manufacturer Garmin, accusing the company of patent infringement.
1 user comment

Reviews

Review: Roborock Saros Z70 - robot vacuum with an arm Review: Roborock Saros Z70 - robot vacuum with an arm
In out in-depth review of Roborock Saros Z70 we put the robot vacuum through a 3 month test period, where we observed its work in normal home. The sci-fi -like arm of Z70 was a little bit disappointing, due its limited functionality.
Roborock Saros 10 review - Great, but not perfect Roborock Saros 10 review - Great, but not perfect
We tested Roborock Saros 10 robot vacuum for more than two months in order to see whether it is really worth its hefty price tag. The mopping, self-emptying Saros 10 was mostly great, even perfect. But its object avoidance was bit disappointing.
1 user comment
Roborock S8 MaxV Ultra review - obstacle avoidance doesn't work as it should, otherwise almost perfect robot vacuum Roborock S8 MaxV Ultra review - obstacle avoidance doesn't work as it should, otherwise almost perfect robot vacuum
We put the Roborock S8 MaxV Ultra through a very, very long review process. The $1800 mopping robot vacuum is almost perfect, but its obstacle avoidance was surprisingly bad, considering the price - and compared to its competitors.

Guides

Guide: Is Your Wi-Fi Sluggish or Slow? Here's How to Fix Guide: Is Your Wi-Fi Sluggish or Slow? Here's How to Fix
Do you have problems with you Wi-Fi? Slow connection or is it cutting off constantly? This guide aims to remedy these problems.
1 user comment
Does your phone rattle? Here's why it happens Does your phone rattle? Here's why it happens
When you shake your phone and hear a light rattle, clatter, or jingle, it's likely not broken. The culprit is probably the optical image stabilization (OIS) system in your phone's camera, meaning everything is functioning as it should.
2 user comments
GUIDE: Wi-Fi speeds are slow? Here are some tips GUIDE: Wi-Fi speeds are slow? Here are some tips
Having problems with Wi-Fi speed and stability at home? Here are some tips to follow to alleviate the issues.
1 user comment
What IP rating for dust and water resistance means What IP rating for dust and water resistance means
An IP classification (such as IP68) is given to mobile phones, Bluetooth speakers, and other devices, but what do these classifications mean?
1 user comment
Guide: Phone battery drains quickly - how to fix (iPhone / Android) Guide: Phone battery drains quickly - how to fix (iPhone / Android)
In this guide, we go through the most typical reasons for rapid battery drain with phones, and look at potential reasons or solutions.

News archive

Sections:

Follow us:

© 1999-2025 AfterDawn Oy. All rights reserved
Back to Top ⇧
AfterDawn is powered by Powered by UpCloud