The Register® — Biting the hand that feeds IT


WPA keys gone in 60 seconds

Time to move to WPA 2


Networking nerds claim to have devised a way of breaking Wi-Fi Protected Access (WPA) encryption within 60 seconds.

The technique, developed by Toshihiro Ohigashi of Hiroshima University and Masakatu Morii of Kobe University, is based on the established Beck-Tews method, which involves making minor changes to packets encrypted with TKIP - Temporal Key Integrity Protocol, a WPA security mechanism - and then sending those packets back to the access point.

However, the Beck-Tews method is known to take anywhere between ten and 15 minutes to execute.

In a recently released paper, Ohigashi and Morii proposed a man-in-the-middle style of attack – also used by the Beck-Tews approach – in which a user’s communication is intercepted by an attacker.

This approach carries a high risk of detection, the pair admitted, so being able to shorten the attack time down to under one minute is a major advantage – to potential hackers, at least.

Ohigashi’s and Morii’s technique doesn’t work in WPA 2 – the AES-based successor to WPA.

The pair will formally unveil their technique at a conference in Hiroshima, Japan late next month. ®


Latest Comments

WRONG

Read the paper - neither this nor Beck-Tews can recover WPA keys. You can falsify ARP packets, which is fairly significant but a world away from recovering the key and being able to read all traffic in clear. "37% of WPA-TKIP encrypted ARP can be read and falsified in best case time of 60 seconds" is very different to the message that the media has portrayed. Disappointing reporting!!


Re: Brett 1

A novice couldn't do it, but the only reason for that is it has not been pre-packaged into an easy to use GUI for Windows. If someone did that then people would be under a lot more pressure to use more secure methods.

I know very little about how the methods work, but I managed to hack three of my neighbours and steal their internets (and also took control of the router admin so that I could open some ports for my torrents - BT Home Hub had loads of vulnerabilities).

I used aircrack-ng, which is a command line tool for Linux that basically does it all for you, although it doesn't hold your hand. It took a bit of working out, but there are tutorials out there.

People think they are safe but you don't know who your neighbour is. It might be me.


driveby 4tw...

as someone who has on occasion done a bit of drive by web access out of hours in times gone by.

I can confirm that them dumb AP's that blast out their signal at max strength with a range of 100m+, sure are a boon to those of us who cannot afford to be camped out directly on the owner's doorstep just to get a bit of RPG/web action.

oh and a multi-boot netbook is more than enough to do the hunting and key breaking in linux and RPG avatar web abuse in m$....

Yarrrr,,,,,,
