MacUpdate Weekend Sale :This weekend MacUpdate has slashed prices on Painter 12 and Painter Lite. Painter 12 retails for $429, but has been reduced by 54% to $199. Painter Lite has seen a 58% price cut from $69 to $29. Hurry, because these deals are only available until May 19th 2013.      
toggle

Crack breaks WPA-encrypted Wi-Fi in 1 minute

updated 10:45 pm EDT, Thu August 27, 2009

 

WPA 1 Minute Hack


Japanese researchers today revealed that they have developed a crack that can break WPA (Wireless Protected Access) encryption on a Wi-Fi network within a minute. Kobe University's Masakatu Morii and Hiroshima University's Toshihiro Ohigashi together developed a practical attack that exploits a vulnerability in the Temporal Key Integrity Protocol, or TKIP, that underlines WPA. While not providing full details of the attack for security reasons, the new approach is much faster than a previous technique that took between 12 and 15 minutes to expose the network.

The creators of the technique stressed that it won't work with WPA2, the second-generation wireless encryption method that uses the much toucher Advanced Encryption Standard (AES) at its root. AES is frequently used for safeguarding permanent storage, such as on some flash drives and in Apple's FileVault for Mac OS X. Virtually all routers and end devices that support 802.11g and 802.11n also support WPA2.

More details should become public at a Hiroshima conference on September 25th. There are no indications of a likely patch for routers or other Wi-Fi equipment.


By Electronista Staff

Post tools:

TAGS :  

industry, networking, FileVault, Apple

Related Articles

Recent Articles

toggle

Previous Comments

  1. lkrupp

    Junior Member

    Joined: May 2001

    +1
    08/28, 07:46am | report spam | reply

    So what!

    Most users are clueless and don't have ANY wireless encryption turned on in the first place. It's too much for their feeble minds to comprehend.


  1. testudo

    Forum Regular

    Joined: Aug 2001

    -3
    08/28, 08:28am | report spam | reply

    Re: So what!

    Or they just don't believe it is important.

    My brother laughs at everyone in my family with encryption turned on, and he ran an ISP where he lived for a long time, and has been working in computers for 30 years.


  1. ggirton

    Fresh-Faced Recruit

    Joined: Nov 1999

    +2
    08/28, 12:54pm | report spam | reply

    incorrectamundo!

    A walk through a surburban neighborhood with the dog, checking out the various home networks on my iPod Touch, reveals that most users DO have their encryption turned ON.

    In any urban area, ALL networks are typically encrypted, except of course for that of Testudo's wise old brother, who probably wonders from time to time why his network connection is slow, but then blames it on the cable company instead of the torrenting teenagers next door!


  1. elitree

    Fresh-Faced Recruit

    Joined: Aug 2009

    +4
    08/28, 04:50pm | report spam | reply

    small correction

    When the original TKIP crack came out last year, there was a lot of misinformation about WPA being insecure and WPA2 being completely secure. This article seems to have carried forward some of the misinformation.

    The TKIP protocol, which makes use of an not-secure-enough RC4 cipher, was required for inclusion in all WPA-certified routers. WPA-certified routers did not require the CCMP protocol, which uses the secure AES cipher. However, many (most?) WPA routers still included the CCMP protocol, even though it wasn't required for WPA certification.

    WPA2 certification, on the other hand, requires routers to include the secure CCMP protocol, but most (all?) WPA2 routers still included the insecure TKIP protocol.

    In other words, both insecure TKIP and secure CCMP are available for use on most WPA and WPA2-certified routers out there, and it's up to the router users to ensure that CCMP, not TKIP, is in use as the encryption protocol. But WPA is no less secure than WPA2--it's TKIP that's less secure than CCMP.

    See Security Now! Episode 170 for more detailed info.... thanks!


Login Here

Not a member of the MacNN forums? Register now for free.

Recently Commented Articles

 
close
Photo
toggle

Network Headlines

toggle

Most Popular

Sponsor

Recent Reviews

MaxUpgrades MaxConnect for 2006-2008 Mac Pro

Nobody outside of Cupertino's privileged bunch knows the future of the Mac Pro line for sure. Despite Apple's reluctance to tell us wh ...

Brother HL-3170CDW LED Printer

We've mentioned before that we are far from a paperless society. For now, at least, there are tasks that require a piece of paper for ...

HTC One

It is hard to overstate just how critically important the HTC One is to the Taiwanese company’s fortunes. Despite its alarming decline ...

Sponsor

 
toggle

Popular News