Wednesday, August 26, 2009

Successfully Attack WPA in a Minute or Less

When I took the SANS Network Security course on wireless security in 2006, we essentially learned how to attack and compromise various wireless security protocols and devices so that we would be able to protect our own infrastructure from similar weaknesses through better architecture and more robust hardening.

Back then, by capturing wireless packets of sufficient quantity, we were able to run various tools to crack WEP, WPA, WPA with TKIP, WIDS, & EAP, LEAP, PEAP, and so on.

For WPA specifically, it took a little time to capture an adequate number of packets on which to run the cracking tools, so a successful compromise might take 15-20 minutes, depending on your processing power.

Now comes word out of the 2009 Joint Workshop on Information Security that WPA can quickly be defeated through a combination of man-in-the-middle (MITM) and the 2008 Beck-Tews attack.

This is not good news.

By overcoming the obstacle of the time needed to capture packets, during which the victim might discover that something is amiss, this new attack scenario can be executed in as little as one minute in the best case, according to the paper's authors.

Now, the TKIP aspect of this is interesting, and experts have been saying for some time that WPA1 isn't secure enough for the enterprise, so I'm not certain this paper breaks fantastically new ground. The time factor for cracks of all kinds has been shrinking exponentially as better tools and increased computing power combine to give the advantage to the attacker.

Wireless security is a dynamic field and it's like a box of chocolates. From month to month, you never know what you're gonna get.
