
Thread: Made for speedguide NEWS - WPA cracked

  1. #1
    SG Enthusiast Think's Avatar
    Join Date
    Sep 2001
    Posts
    2,283

    Made for speedguide NEWS - WPA cracked

    May want to post this on the main news page:

    http://www.pcmag.com/article2/0,2817,2334150,00.asp

    Two researchers from the Technical University of Darmstadt, Germany, have discovered a method of bypassing the Wi-Fi Protected Access (WPA) encryption used by many wireless routers.

    The exploit takes advantage of a weakness on networks that use WPA with TKIP (Temporal Key Integrity Protocol, a security algorithm based on key switching that is used to strengthen the WPA encryption) by circumventing the algorithm that encrypts the Wi-Fi data packets. Researchers Erik Tews and Martin Beck, who are members of the ethical hacking group known as Aircrack-ng, have not only discovered how to bypass WPA, they've also created a tool to do so. They plan to release the tool at the PacSec conference next week in Tokyo, Japan, Aircrack-ng member Rick Farina confirmed to PC Magazine on Friday.

    With the exploit tool in hand, hackers will be able to break into networks that have WPA with TKIP encryption. TKIP is a predecessor of AES and was developed to overcome the flaw with WEP [Wired Equivalent Private] security. WPA is essentially WEP with a couple of fixes. The TKIP algorithm rotates keys between clients and access points after enough packets pass between them. By default, most routers on the market change the keys every couple of hours. The exploit takes advantage of this data flowing to and from access points and masquerades its packets by inserting its own and passing them to clients. The packet insertion bypasses the countermeasures used by routers that can catch the malicious activity. From a computer's point of view, the data packets appear to belong to a legitimate access point. According to Farina, just seven packets are needed to gain access to a computer.

    Researchers found it even easier to gain access to wireless networks that are using QoS [Quality of Service]. Networks that mix data and voice packets often rely on QoS to prioritize the voice data. However, data packets with QoS are rearranged in sequential order so that they travel faster and are received efficiently. The protection algorithm used by TKIP was relaxed to allow for QoS.

    As the exploit tool gains access to a computer, hackers can easily inject new packets and install and execute tools such as Metasploit that can give them permanent access. Metasploit is a large toolkit for testing exploits and it uses well-known exploits in its arsenal. "With 2 or 3 packets you can fit most tools in the Metasploit toolkit," Farina said.

    Because the exploit is specific, users simply need to change the WPA encryption to work with AES or change it to the much more hardened WPA2. If your router doesn't support WPA2, the best course of action is to shorten the timing of the TKIP in the routers, so that keys are refreshed every two minutes or less. The fast refresh makes it harder but not impossible for hackers to gain access. The best course of action, however, is to buy a new router that supports WPA2.
    got old



  2. #2
    Ohh Hell yeah.. Sava700's Avatar
    Join Date
    Feb 2002
    Location
    Somewhere
    Posts
    24,052
    http://www.speedguide.net/submit.php


    It's like building the better mousetrap... but in this case I don't think I'll worry, because those most likely in this area to steal wireless are those that don't know any better and just see a signal and think "Ohh Hey Free internet!"

  3. #3
    SG Enthusiast Think's Avatar
    Join Date
    Sep 2001
    Posts
    2,283
    Quote Originally Posted by Sava700 View Post
    http://www.speedguide.net/submit.php


    It's like building the better mousetrap... but in this case I don't think I'll worry, because those most likely in this area to steal wireless are those that don't know any better and just see a signal and think "Ohh Hey Free internet!"
    Done
    got old



  4. #4
    Second Most EVIL YARDofSTUF's Avatar
    Join Date
    Nov 2000
    Location
    USA
    Posts
    69,992
    WPA is old anyway; even without this tool it's easy to crack. WPA2 is really a must. Even that can be broken though.

  5. #5
    SG Enthusiast Think's Avatar
    Join Date
    Sep 2001
    Posts
    2,283
    Quote Originally Posted by YARDofSTUF View Post
    WPA is old anyway; even without this tool it's easy to crack. WPA2 is really a must. Even that can be broken though.
    Hi YOS. Is there a sticky on How to?
    got old



  6. #6
    Second Most EVIL YARDofSTUF's Avatar
    Join Date
    Nov 2000
    Location
    USA
    Posts
    69,992
    Quote Originally Posted by Think View Post
    Hi YOS. Is there a sticky on How to?
    Certainly not on this site. LOL

  7. #7
    Maneater JawZ's Avatar
    Join Date
    Feb 2001
    Posts
    21,941
    Ethical hacking group that releases an exploit toolkit?

    ...formerly the omnipotent UOD

  8. #8
    Second Most EVIL YARDofSTUF's Avatar
    Join Date
    Nov 2000
    Location
    USA
    Posts
    69,992
    Quote Originally Posted by UOD View Post
    Ethical hacking group that releases an exploit toolkit?
    They never say exactly HOW ethical they are though.

  9. #9
    Maneater JawZ's Avatar
    Join Date
    Feb 2001
    Posts
    21,941
    Quote Originally Posted by YARDofSTUF View Post
    They never say exactly HOW ethical they are though.

    I'm 99.666% evil.

    ...formerly the omnipotent UOD

  10. #10
    Administrator Philip's Avatar
    Join Date
    May 1999
    Location
    Jacksonville, Florida, United States
    Posts
    10,446
    Blog Entries
    6
    The idea is that making exploits public prompts security fixes and improving security design.

    Security through obscurity is not really good practice.

  11. #11
    SG Enthusiast Think's Avatar
    Join Date
    Sep 2001
    Posts
    2,283
    Quote Originally Posted by YARDofSTUF View Post
    Certainly not on this site. LOL
    I meant to establish a secure wireless setup to prevent such exploits - not to hack into one.
    got old



  12. #12
    Second Most EVIL YARDofSTUF's Avatar
    Join Date
    Nov 2000
    Location
    USA
    Posts
    69,992
    There's a couple of related stickies in the wireless forum.

    Basically, set your own SSID, and use WPA2 with AES and a 63-character key, or close to it.
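    Added example (not code from the PC Magazine article or from any poster in this thread): a small Python check that audits a hostapd-style access point config against the advice in the article quoted in post #1 and in the post just above: WPA2 with AES (CCMP) instead of TKIP, a group rekey of two minutes or less while TKIP is still in use, a non-factory SSID and a full 63-character passphrase. The hostapd keys it reads (wpa, wpa_pairwise, rsn_pairwise, wpa_group_rekey, wpa_passphrase, wmm_enabled, ssid) are real hostapd.conf options; the two sample configs and the factory-SSID list are constructed for the example. It flags TKIP whether it is negotiated under WPA or WPA2, since the attack described is on the TKIP cipher itself, which is why a "WPA2 TKIP" setup like the one mentioned later in the thread still shows up.

```python
"""Audit a hostapd-style AP config against the mitigations discussed in this thread.

Added example, not code from the article or the forum. Real hostapd.conf keys
are read (wpa, wpa_pairwise, rsn_pairwise, wpa_group_rekey, wpa_passphrase,
wmm_enabled, ssid); the two sample configs and the factory-SSID list are
constructed for the demonstration.
"""
import secrets
import string

MAX_TKIP_REKEY_SECONDS = 120        # the article's "two minutes or less"
HOSTAPD_TKIP_REKEY_DEFAULT = 600    # hostapd's default group rekey when TKIP is the group cipher
# Constructed sample of factory SSIDs to recognise; extend for your own environment.
FACTORY_SSIDS = {"linksys", "default", "netgear", "dlink", "wireless"}
# Printable ASCII minus space and quote characters, so the passphrase is safe on a config line.
PSK_ALPHABET = string.ascii_letters + string.digits + "!#$%&()*+,-./:;<=>?@[]^_{|}~"


def parse_hostapd_conf(text):
    """Parse key=value lines; blank lines and '#' comment lines are skipped."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")   # split on the first '=' only: values may contain '='
        conf[key.strip()] = value.strip()
    return conf


def audit_ap_config(conf):
    """Return a list of (severity, message) findings; an empty list means the config passes."""
    findings = []
    wpa = int(conf.get("wpa", "0"))
    if wpa == 0:
        findings.append(("high", "no WPA/WPA2 configured; set wpa=2 and rsn_pairwise=CCMP"))
    else:
        # hostapd defaults: the WPA (v1) pairwise cipher is TKIP, and rsn_pairwise
        # falls back to the wpa_pairwise value when it is not set.
        ciphers = set()
        if wpa & 1:
            findings.append(("medium", f"WPA (v1) is offered (wpa={wpa}); prefer WPA2 only (wpa=2)"))
            ciphers |= set(conf.get("wpa_pairwise", "TKIP").split())
        if wpa & 2:
            ciphers |= set(conf.get("rsn_pairwise", conf.get("wpa_pairwise", "TKIP")).split())
        # The attack targets the TKIP cipher itself, so TKIP under WPA2 is flagged as well.
        if "TKIP" in ciphers:
            findings.append(("high", "TKIP is an allowed pairwise cipher; allow CCMP (AES) only"))
            rekey = int(conf.get("wpa_group_rekey", str(HOSTAPD_TKIP_REKEY_DEFAULT)))
            if rekey > MAX_TKIP_REKEY_SECONDS:
                findings.append(("medium", f"wpa_group_rekey={rekey}s; while TKIP remains, "
                                           f"rekey every {MAX_TKIP_REKEY_SECONDS}s or less"))
            if conf.get("wmm_enabled", "0") == "1":   # only flagged when set explicitly
                findings.append(("medium", "WMM/QoS is enabled together with TKIP, "
                                           "the easier case described in the article"))
        passphrase = conf.get("wpa_passphrase")
        if passphrase is not None and len(passphrase) < 63:
            findings.append(("medium", f"wpa_passphrase is {len(passphrase)} characters; "
                                       "use the full 63 (or a 64-hex-digit wpa_psk)"))
    ssid = conf.get("ssid", "")
    if ssid.lower() in FACTORY_SSIDS:
        findings.append(("low", f"SSID '{ssid}' looks like a factory default; set your own"))
    return findings


def generate_passphrase(length=63):
    """Random WPA/WPA2 passphrase (8 to 63 printable ASCII characters) from the OS CSPRNG."""
    if not 8 <= length <= 63:
        raise ValueError("WPA passphrases must be 8 to 63 characters")
    return "".join(secrets.choice(PSK_ALPHABET) for _ in range(length))


# Constructed sample: WPA (v1) with TKIP, QoS on, short passphrase, factory SSID.
WEAK_CONF = """\
interface=wlan0
ssid=linksys
wpa=1
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
wpa_passphrase=password123
wmm_enabled=1
"""

# Constructed sample: WPA2 only, CCMP only, own SSID, 63-character passphrase.
HARDENED_CONF = """\
interface=wlan0
ssid=rooftop-lab-5g
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
wpa_passphrase=Kq7!vR2#mZ9$pL4%wX8&cB1*nH6-tG3@sJ5^dF0_yU7+eW2;rT9/aN4=oM1?iV8
"""

if __name__ == "__main__":
    for name, text in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(f"== {name} ==")
        for severity, message in audit_ap_config(parse_hostapd_conf(text)) or [("ok", "no findings")]:
            print(f"  [{severity}] {message}")
    print("example 63-character passphrase:", generate_passphrase())
```

    Run it as a script to see the weak config produce six findings and the hardened one none; point `parse_hostapd_conf` at your own `/etc/hostapd/hostapd.conf` text to audit a real AP. Consumer routers with a web UI expose the same settings under different names (security mode, cipher, group key renewal interval), so the checks translate directly.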

  13. #13
    Ft. Couch! morbidpete's Avatar
    Join Date
    Mar 2002
    Location
    W. Warwick RI
    Posts
    7,277
    WPA and WEP are easy enough to crack with BackTrack 2 & 3 (I'm a fan of 2; 3 got rid of replay_ng for some reason), not one app to do it. Even better.

    Posted from WPA2 TKIP. Guess I'll be switching to AES lol

  14. #14
    Moderator YeOldeStonecat's Avatar
    Join Date
    Jan 2001
    Location
    Somewhere along the shoreline in New England
    Posts
    50,912
    It's not really a full-blown crack... it's more just a partial crack in the door for now...
    http://wifinetnews.com/archives/008500.html
    MORNING WOOD Lumber Company
    Guinness for Strength!!!
