A New Wi-Fi Exploit, Limited But Clever
eggboard writes "Martin Beck, who in 2008 co-wrote a paper describing a way to inject packets into a secured Wi-Fi system, is back with a more extensive exploit. His 'Enhanced TKIP Michael Attacks' still don't allow extraction of a key, and are limited to TKIP (not AES-CCMP) WPA-protected networks. Still, he's figured out how to put in large payloads, and to extract data sent from an access point to a client — all without cracking the network key. The attack requires proximity to sniff and inject data, but it's another crack in the older key standard (TKIP) that no one with serious security interests should still be using." Here is Beck's paper (PDF) describing the new attacks.
Just use SSL over L2TP over IPsec over WPA (Score:1, Funny)
That's what I always do.
Re:Just use SSL over L2TP over IPsec over WPA (Score:5, Funny)
We were using SSL over L2TP over WPA over IPsec. Who else have you been seeing?
Bob
Re: (Score:2, Funny)
My services as a private investigator are available at a very reasonable price, should you wish them.
Eve
Re: (Score:1)
Alice? Alice, is that you?
We were using SSL over L2TP over WPA over IPsec. Who else have you been seeing?
Bob
You don't want to know.
Trust me.
Trent
Re: (Score:2)
i herd u dont liek TKIPs?
Re: (Score:2)
Actually, broadcasting your SSID can stop (some) hackers. Especially if you choose one like "NSA Honeypot".
Re: (Score:2, Funny)
Not broadcasting is even more dangerous, as someone can set up a network with the same ID that does broadcast, and potentially capture your traffic without your knowledge.
Really? I don't think anybody else would choose "Linksys" as an SSID, would they?
Re: (Score:1)
Really? I don't think anybody else would choose "Linksys" as an SSID, would they?
Maybe if they had a D-Link router they might.
Re: (Score:1)
So, no problem if someone installs a proxy on your machine & uses it to surf child porn? I'm sure that it won't take long or have any impact on your reputation for you to explain to the nice law enforcement agents that it wasn't really you doing that sort of thing.
Re:Use a MAC address filter (Score:5, Insightful)
That is poor advice because all it does is create the illusion of security. Actually good advice would be "just use wpa2, or wpa-aes". If you use proper security with your wifi network then there is no need for child's play games like that.
Re: (Score:2, Informative)
Actually, I'd suggest to use both. If one fails, you still have the other.
Re: (Score:1)
The likelihood of someone bothering to bypass my home MAC filter is similar to winning the lottery or being burglarized.
Re: (Score:2)
What exactly do you think the likelihood of someone cracking a WPA2 network is? If someone is actually able to get through WPA2, they won't even blink at MAC filtering. Well, maybe they'll laugh...
Re: (Score:1)
Near zero? The likelihood of someone living anywhere close to me that has both the desire and knowledge to get into my minimally secure network is similar to the likelihood that an extremely hot girl will approach me and give me her number.
Re: (Score:2)
Think again. Near zero is an over-estimation. Unless you live next door to the NSA*, and they happen to need free wifi, then there is absolutely no reason that you need anything more than WPA2. All you are doing is wasting your own time. Nobody else's.
*Not like MAC filtering would faze the NSA in the slightest...
Re: (Score:2)
I should also point out that if that were true, at least 3 of my neighbours should have won the lottery by now...
Re: (Score:2)
It seems that you assumed that I wouldn't suggest first to use wpa2, etc. Seeing as the article is about cracking advanced encryption, I would hope that this is already in place. Poor advice? I think not. It adds additional roadblocks. I also said that it 'helps'. Not that it's a foolproof plan. It just makes it more of a pain to break in.
For example, using a MAC address filter would mean that they would have to spoof a MAC address that you have whitelisted. This requires additional effort and information gathering.
Using an SSID that is not broadcast, and also not easily guessable (not a dictionary word, and a certain length, etc.), makes it harder for SSID crackers to pick it up as well.
You may be happy with just using strong encryption, but I very much prefer enabling these additional security features to harden it even further, even if it is just a little bit further.
I will second what the other two people replying to you have said:
#1) SSID just requires a single deauth to any client. This literally takes 2 seconds to do.
#2) Your clients are broadcasting their MAC addresses in the clear, and it's a fair assumption that any associated client is on your MAC whitelist... Anyone hacking your wireless network is literally staring at these MACs (and probably continuously typing them back into the console).
Anyone with the technical sophistication to go after WPA already kn
Re:Use a MAC address filter (Score:5, Insightful)
So really, anyone who could even think about cracking a WPA or RADIUS network, which would take quite a bit of time and effort and probably days of information gathering to achieve in practice, would find such measures trivial to break.
However, these measures still lower the supportability of your network, which means they would be very costly for something useless. And even worse, because users who had issues with say, your MAC address filter, might not know how to fix them, they might do something stupid to their machine which actually has the net effect of making your network LESS secure. Fun.
Using WPA or MAC address filters would be like arguing that putting a thumbtack on the floor outside a fortress enhances its security. Objectively undeniable, but still laughable. Sure it will help keep stupid little kids out of your fortress, but those are not the type of people who could never get past the giant walls, moats, archers, etc. your actual fortress security employs. On the other hand, this tack, not being in the fortress standards, might actually manage to make miserable the life of a well intentioned, if stupid, servant, guard, etc.
Re:Use a MAC address filter (Score:5, Informative)
Hiding your SSID can actually be detrimental...
If your SSID is open, then your machine can see its broadcasts and connect to it... If the SSID is hidden, then your machine has to probe for it by name... Meaning that if your machine is away from its usual location, you can see what network it's looking for...
If the SSID is hidden, then someone trying to break into it just needs to sniff traffic for a while to get the SSID anyway.
Re: (Score:1)
Of course, it's entertaining to deploy some honeypots.
Re:Use a MAC address filter (Score:5, Insightful)
I've never really understood this attitude. I feel that one needs to be aware of security theatre, or security kabuki -- things that make you feel safer but don't actually make you safer. There are two possibilities for an attacker: an idiot, or, someone very capable.
While it's true that a non-broadcast SSID might stop an idiot, ditto for locking down MAC addresses, you can extract both of these (completely unencrypted) from the packet stream. Any modestly competent attacker can do this quite quickly.
But locking down MAC addresses and turning off SSID broadcasting increases the tedium of administration while making no real difference to a hacker. Like the TSA, it's security kabuki in my view.
In general, I don't find my security enhanced by assuming that the attacker is a clueless moron. If that were the case, then Windows 98 coupled with digital hashes checked against all files would be a secure OS.
The one argument I think you could come up with is that if you enable all security features in a disciplined manner then that's just good practice. Maybe. I still think it smacks of a bit of security theatre.
Re: (Score:2)
Never interrupt your enemy when he's making a mistake.
- Napoleon Bonaparte (1769 - 1821)
Very Limited (Score:4, Informative)
From TFA:
As with the previous attack, a lot of stars have to be in alignment. The biggest requirement is that TKIP has to be the key type, not AES-CCMP. An attacker has to be proximate to sniff traffic and inject packets. The router has to be running Linux, like many Wi-Fi routers do. The router doesn't need to be compromised; there's a particular Wi-Fi packet sequence that's more predictable, and thus easier to use in the attack. Network QoS (802.11e/WMM) needs to be enabled as well.
Re: (Score:3, Interesting)
That's not as limited as it sounds. There are perhaps hundreds of millions of routers running versions of embedded Linux, and WMM/802.11e may be enabled by default on many of those!
Re: (Score:2)
In fact you can bet that it's enabled in every router that also allows you to connect a landline phone for VoIP. Which, I guess, is true for pretty much all of them.
Re: (Score:1)
Oh noes! Linux is h@xx0r3d!
Sorry... just got off the roof...
TKIP and CCMP (Score:1)
How about ethernet? No? Well, make sure it's WPA2 Enterprise with a very long password, hidden, etc.
Re:TKIP and CCMP (Score:5, Interesting)
That comment is halfway between troll and truth.
That only works for short passwords using dictionary words and common alternatives--typically eight characters or fewer. Yes, you can get precomputed dictionaries for common SSIDs, and you can even use a new service to do some computation.
However, move to 9 characters of random text (&fa^g_!80) and a unique SSID ("My little pony's network"), and all bets are off to computing the result in anything like a usable period of time.
TKIP and AES-CCMP remain strong for long, strong passwords, long being 10 or more characters, but 12 to 20 is best.
Re: (Score:1)
However, move to 9 characters of random text (&fa^g_!80) and a unique SSID ("My little pony's network"), and all bets are off to computing the result in anything like a usable period of time.
TKIP and AES-CCMP remain strong for long, strong passwords, long being 10 or more characters, but 12 to 20 is best.
Could someone please answer this? I find when I try to use WPA2 the connection is flaky for my 3yo laptop, whereas WPA provides me a very stable connection. If I use WPA-PSK with a 63 character pseudo random password, and a quirky SSID am I still vulnerable to these WPA TKIP weaknesses? Or does my big crypto strength password still keep me relatively "safe" from your average script kiddy? I don't understand if these exploits still rely on weak passwords?
Re: (Score:3, Informative)
1. If you're having trouble with WPA2, it's an implementation issue. There's no reason that WPA2 shouldn't work as well or better than WPA. In some silicon, AES-CCMP encryption can work faster than TKIP. Check for firmware upgrades on adapters and APs.
2. TKIP keys cannot be extracted by any known methods. Short TKIP and AES-CCMP passphrased-based keys are vulnerable to brute-force dictionary attacks, typically based on precomputed common SSIDs. A key of 10 or more characters is probably fine; 20 random char
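As an added illustration of the point made in the two comments above (not code from the thread or from Beck's paper): under WPA/WPA2-Personal the passphrase is used in exactly one place, the PBKDF2 derivation of the PMK, which is salted with the SSID, and the 4-way handshake then derives per-session keys from that PMK plus nonces and MAC addresses, so neither the passphrase nor the PMK is ever transmitted. The MAC addresses and nonces below are constructed sample values; the "password"/"IEEE" pair is the passphrase-to-PSK test vector published with the 802.11i standard.

```python
import hashlib
import hmac


def wpa_pmk(passphrase: str, ssid: str) -> bytes:
    """Derive the 256-bit PMK (PSK) as 802.11i does: PBKDF2-HMAC-SHA1 with the
    SSID as salt and 4096 iterations. Because the SSID is the salt, a dictionary
    precomputed for one SSID says nothing about another, which is why a unique
    SSID defeats off-the-shelf precomputed tables for common SSIDs."""
    if not (8 <= len(passphrase) <= 63) or not passphrase.isascii():
        raise ValueError("WPA passphrase must be 8 to 63 ASCII characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def wpa_prf(key: bytes, label: bytes, data: bytes, nbits: int) -> bytes:
    """802.11i PRF-n: concatenate HMAC-SHA1(key, label || 0x00 || data || i)
    for i = 0, 1, ... and truncate the result to nbits."""
    out = b""
    for i in range((nbits + 159) // 160):
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
    return out[: nbits // 8]


def wpa_ptk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes,
            nbits: int = 512) -> bytes:
    """Pairwise Transient Key from the 4-way handshake inputs: the PMK plus the
    AP and station MAC addresses and the two nonces, ordered min/max so both
    sides compute the same value. Only the nonces cross the air in the clear.
    512 bits for TKIP (KCK | KEK | TK | Michael keys), 384 bits for CCMP."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    return wpa_prf(pmk, b"Pairwise key expansion", data, nbits)


def demo() -> dict:
    # Constructed sample values (not taken from any real network).
    ap_mac = bytes.fromhex("02000000aa01")
    sta_mac = bytes.fromhex("02000000bb02")
    anonce = bytes(range(32))
    snonce = bytes(range(32, 64))
    pmk_ieee = wpa_pmk("password", "IEEE")
    pmk_linksys = wpa_pmk("password", "linksys")   # same passphrase, other SSID
    return {
        "pmk_IEEE": pmk_ieee.hex(),
        "pmk_linksys": pmk_linksys.hex(),
        "same_passphrase_different_pmk": pmk_ieee != pmk_linksys,
        "ptk_tkip": wpa_ptk(pmk_ieee, ap_mac, sta_mac, anonce, snonce).hex(),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```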
Re: (Score:2)
That's only if your password is weak. You still need to use a dictionary attack in that scenario. It is still a good recommendation to move to WPA2 though because this article, like the one before it, shows some cracks starting to appear in TKIP.
secure wireless = wrong. (Score:2, Insightful)
If you need really good security in your wireless, JUST LEAVE IT OPEN. ;)
And use a VPN of course.
IPsec is widely supported, but OpenVPN is a good choice too.
Secure, encrypted, configurable, and with YEARS of testing behind it!
Lack of WPA2-AES support in devices (Score:2)
Without TKIP, these two devices have effectively become expensive (when they were purchased, at least) door stops. It's aggravating, because they both advertised support for WPA2-AES!
Re: (Score:2)
AES support is mandatory for WPA2 devices. If it doesn't support AES, it doesn't have WPA2.
Re: (Score:2)
What online banking website has unencrypted logins?
How many people would notice a man-in-the-middle attack where the connection between the middle and their computer wasn't encrypted/https?
Re: (Score:2)
Because the password is never sent during the 4-way handshake.
Re: (Score:1)
Because the password is never sent during the 4-way handshake.
I'm not talking about stealing the password from an existing connection. More simply just using the same SSID and waiting for the user to accidentally connect to the rogue router. Most users will gladly re-enter their credentials again.
Re: (Score:3, Informative)
Because the password is never sent during the 4-way handshake.
I'm not talking about stealing the password from an existing connection. More simply just using the same SSID and waiting for the user to accidentally connect to the rogue router. Most users will gladly re-enter their credentials again.
When a client connects to a WEP or WPA access point, there is a four-way challenge-response handshake:
1. The client station sends an authentication request to the Access Point.
2. The Access Point sends back a clear-text challenge.
3. The client has to encrypt the challenge text using the configured WEP key, and send it back in another authentication request.
4. The Access Point decrypts the material, and compares it with t
Re: (Score:2)
Haven't tried this stuff, but I know that Windows will tell you when you reconfigure a network to use different encryption. It then rejects your login until you go to a very specific connection wizard and tell it the correct new type.