
New attack exploits WPA in 60 seconds

Japanese computer scientists claim that they’ve developed a new exploit (PDF) that can forge packets on a WPA-encrypted WiFi connection in about 60 seconds.

The exploit gives attackers a way to read small bursts of encrypted information sent between computers and routers that use WiFi Protected Access (WPA). It was developed by Toshihiro Ohigashi of Hiroshima University and Masakatu Morii of Kobe University, both of whom will discuss their findings further at a September 25th conference in Hiroshima.

This paper has proposed a practical message falsification attack on any WPA implementation. Our attack is a method that applies the Beck-Tews attack to the MITM [man in the middle] attack, and can falsify an encrypted short packet (e.g. ARP packet). We have given a strategy for the MITM attack and the method for reducing the execution time of the attack. As a result, the execution time of our attack becomes about one minute in the best case. Therefore, our attack can execute on any WPA implementation, practically.

The new finding improves on a 2008 WPA exploit known as the “Beck-Tews Attack”, which could forge packets in about 15 minutes. Both Beck-Tews and the new exploit capitalize on small packets, such as ARP and DNS, to recover the keys used to encrypt individual packets. Armed with these keys, an attacker can intercept or falsify packets with little to no interruption to user services.

Though it all sounds rather scary, some sites have been playing up the insecurity angle without acknowledging the large caveats tangentially mentioned by the research paper:

  • This exploit can only be used to falsify short packets like DNS and ARP. While an attacker could theoretically redirect you to unsavory/malicious sites, the attacker does not have an open pipe to your WiFi data.
  • The exploit only works on WPA networks that use TKIP security keys rather than AES. Most residential routers allow you to choose between the two, and some even permit a mixed AES+TKIP mode. WiFi users who have chosen WPA+AES or WPA2 are completely immune to the attack.
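The practical takeaway from those two caveats is a configuration check: is TKIP still one of the ciphers your access point will negotiate? The script below is an added example written for this post, not code from the paper or from Icrontic. It reads the standard hostapd.conf keys `wpa`, `wpa_pairwise` and `rsn_pairwise`, reports every mode under which TKIP could be negotiated, and emits a CCMP-only (AES) version of the configuration. It goes one step beyond the post's wording in that it flags TKIP even when it is offered under WPA2, since the weakness the paper exploits is in TKIP itself rather than in the WPA version that carries it. The sample configurations are constructed for the example.

```python
"""Audit a hostapd configuration for TKIP, the cipher the Beck-Tews and
Ohigashi-Morii packet-forgery attacks depend on.

Added example for this post; not code from the paper or from Icrontic.
Uses the real hostapd.conf keys `wpa` (1 = WPA, 2 = WPA2/RSN, 3 = both),
`wpa_pairwise` (ciphers offered for WPA) and `rsn_pairwise` (ciphers
offered for WPA2; hostapd defaults it to the wpa_pairwise value).
"""

# Constructed sample: a home-router style "mixed mode" config offering both ciphers.
SAMPLE_VULNERABLE = """\
interface=wlan0
ssid=HomeNet
wpa=3
wpa_pairwise=TKIP CCMP
rsn_pairwise=TKIP CCMP
wpa_passphrase=correct horse battery staple
"""

# Constructed sample: WPA2 with AES-CCMP only.
SAMPLE_HARDENED = """\
interface=wlan0
ssid=HomeNet
wpa=2
rsn_pairwise=CCMP
wpa_passphrase=correct horse battery staple
"""


def parse_hostapd(text):
    """Return a dict of key -> value, ignoring comments and blank lines."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition("=")
        conf[key.strip()] = value.strip()
    return conf


def tkip_findings(conf):
    """List (mode, key) pairs under which a client could negotiate TKIP."""
    findings = []
    mode = int(conf.get("wpa", "0"))          # bit 0 = WPA, bit 1 = WPA2/RSN
    wpa_ciphers = conf.get("wpa_pairwise", "").split()
    # hostapd falls back to wpa_pairwise when rsn_pairwise is not set.
    rsn_ciphers = conf.get("rsn_pairwise", "").split() or wpa_ciphers
    if mode & 1 and "TKIP" in wpa_ciphers:
        findings.append(("WPA", "wpa_pairwise"))
    if mode & 2 and "TKIP" in rsn_ciphers:
        findings.append(("WPA2", "rsn_pairwise"))
    return findings


def harden(conf):
    """Return a copy restricted to WPA2 with CCMP only; other keys are kept."""
    fixed = {k: v for k, v in conf.items()
             if k not in ("wpa_pairwise", "rsn_pairwise")}
    fixed["wpa"] = "2"
    fixed["rsn_pairwise"] = "CCMP"
    return fixed


def render(conf):
    """Serialize a config dict back into hostapd.conf key=value lines."""
    return "\n".join(f"{k}={v}" for k, v in conf.items()) + "\n"


if __name__ == "__main__":
    for name, text in (("vulnerable", SAMPLE_VULNERABLE),
                       ("hardened", SAMPLE_HARDENED)):
        found = tkip_findings(parse_hostapd(text))
        if found:
            print(f"{name}: TKIP negotiable via "
                  + ", ".join(f"{m} ({k})" for m, k in found))
        else:
            print(f"{name}: no TKIP offered")
    print("\nHardened version of the vulnerable config:")
    print(render(harden(parse_hostapd(SAMPLE_VULNERABLE))))
```

Run it against your own hostapd.conf by swapping in the file's contents; a mixed `wpa=3` setup with `TKIP CCMP` will be reported twice, once for each mode that offers it, because a client may pick TKIP under either.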

All in all it is an exciting (or frightening) development in the world of security research, but it’s still a far cry from the exploits that can bust WEP connections wide open in seconds.


6 Comments:

  1. MiracleManS
    Mediocrity Gets You Pears

    Thank you for the breath of fresh air at the end Rob. Some people seriously overplay the danger of these attacks.

    Nice to see some journalistic integrity regarding these matters.

  2. Snarkasm
    The Photographer.

    I just wanted to see who the "other sites" link pointed to, so I rolled over it, saw The Inq, and laughed hardcore when I caught "wpa-gone" as the article title.

  3. djmeph
    Newb

    What's the reason for the added security with AES? Is that the shared key that gets re-generated every so often? Like every 30 seconds or so, right? Then you have the private network key which you create yourself. Am I right?

  4. AFAIK, the key you supply to a WPA network is the cipher used to generate the actual key. TKIP and AES are simply different cryptosystems, and it appears TKIP has a flaw when it comes to generating the keys used to encrypt individual packets (the message check key).

  5. djmeph
    Newb

    And the actual key gets re-generated regularly, correct?

  6. That's correct. The paper specifies that a certain error occurs in the key generation in fairly regular intervals under TKIP.
