Wednesday, August 26, 2009
Successfully Attack WPA in a Minute or Less
Back then, by capturing a sufficient quantity of wireless packets, we were able to run various tools to crack WEP, WPA, WPA with TKIP, WIDS, EAP, LEAP, PEAP, and so on.
For WPA specifically, it took a little time to capture an adequate number of packets on which to run the cracking tools, so a successful compromise might take 15-20 minutes, depending on your processing power.
Now comes word out of the 2009 Joint Workshop on Information Security that WPA can quickly be defeated through a combination of a man-in-the-middle (MITM) attack and the 2008 Beck-Tews attack.
This is not good news.
By overcoming the obstacle of the time spent capturing packets, during which the victim might discover that something is amiss, this new attack scenario can be executed in as little as one minute in the best case, according to the paper's authors.
Now, the TKIP aspect of this is interesting, and experts have been saying for some time that WPA1 isn't secure enough for the enterprise, so I'm not certain this paper breaks fantastically new ground. The time factor for cracks of all kinds has been shrinking exponentially as better tools and increased computing power combine to give the advantage to the attacker.
Wireless security is a dynamic field and it's like a box of chocolates. From month to month, you never know what you're gonna get.