New Improvements On the Attacks On WPA/TKIP 166
olahau writes "Two weeks ago, improvements to the previously reported attack on WPA/TKIP, were presented at the NorSec Conference in Oslo, Norway. In their paper coined 'An Improved Attack on TKIP,' Finn Michael Halvorsen and Olav Haugen describe the improvements, which enable an attacker to inject larger, maliciously crafted packets into a WPA/TKIP protected network, thus opening the probabilities for new and more sophisticated attacks against the well-established wireless security protocol."
Does that mean... (Score:2, Interesting)
WEP is better? Has it always been better? I used WEP for the longest time until I figured I could set my own (short & easy) password with WPA.
Should I switch back? Not that I expect my neighbours to be leet hackers...
But one time not too long ago I logged into my one of my neighbours unsecured network (no idea who owned it) and noticed they had a printer on the network. So I downloaded the drivers off of HP and then sent a message to their printer telling them they should secure their wireless, and a website to show them how.
Now to you or I, this would seem like a noble act in educating people on good security measures, but everyone else (meaning not computer people) thought that this was an outright invasion of privacy and advised me "Never to attempt that kind of stunt again" (not that I'll listen to them).
Anyways, ever since then I've had this itching feeling that someones going to break into my wireless and show me whats what in a sort of karmic irony.
Just in time! (Score:5, Interesting)
The timing of this new attack could not have been better - the day after the UK government announces they want to introduce a "three strikes" rule before disconnecting suspected file-sharers.
I imagine this must be a massive headache for ISPs who have been shipping routers with WPA/TKIP enabled for compatibility (i.e. a lot of them). Suddenly their routers need remotely updating and they have to hope that most of their customer's wifi drivers will cope with the move to AES.
Re:New Improved Attacks on Obsolete Standards! (Score:3, Interesting)
Please provide your definition "obsolete."
Google provides disused: no longer in use; "obsolete words"
WEP isn't even obsolete, let alone WPA. Many people still use "old" standards. Not everyone keeps up to date with the latest wireless security. Many have unsecured networks. Many use WEP just to keep off annoying neighbors. I don't know anyone that uses WPA2+AES at home. I take it back, I do know one person that does.
Re:Does that mean... (Score:2, Interesting)
Re:Does that mean... (Score:4, Interesting)
Yes, you're absolutely correct. However, the question was "now that WPA/TKIP is broken, is WEP more secure than it?"
WPA/TKIP has vulnerabilities inherited from WEP, yes, but those vulnerabilities are still hidden behind a layer that, for now, is still protective. Trouble is, people are starting to discover larger and larger vectors for inserting attacks.
The shields are still holding - I haven't heard of a successful data breach or DNS spoof on a WPA/TKIP (someone correct me if there is an actual working breach out there), and there are measures that can be taken (turn off QoS/WMM, update your client stack) that will close the holes.
But only FOR NOW. Upgrading to AES is the correct answer.
Downgrading to WEP is not the correct answer, unless the question is "What security protocol is the easiest to break?"
Re:Nothing to see, move along (Score:3, Interesting)
Re:Does that mean... (Score:3, Interesting)
And for the love of Pete, switch to a longer password with some nice scrunchy numbers, letters (upper and lower) and a few special characters. [..snip]..Seriously secure password, and you're going to remember the hell out of it. Of course, it helps if you use something memorable to you.
Then you'll never go around saying "Amazing! That's the exact same combination I have on my luggage!"
I have my router set up without a password, and the SSID set to "Bring beer to Apt. 243".
Since then, I've had the pleasure of meeting a few of my neighbors and drinking beer with them.