
A New Wi-Fi Exploit, Limited But Clever

eggboard writes "Martin Beck, who in 2008 co-wrote a paper describing a way to inject packets into a secured Wi-Fi system, is back with a more extensive exploit. His 'Enhanced TKIP Michael Attacks' still don't allow extraction of a key, and are limited to TKIP (not AES-CCMP) WPA-protected networks. Still, he's figured out how to put in large payloads, and to extract data sent from an access point to a client — all without cracking the network key. The attack requires proximity to sniff and inject data, but it's another crack in the older key standard (TKIP) that no one with serious security interests should still be using." Here is Beck's paper (PDF) describing the new attacks.
  • by Anonymous Coward

    That's what I always do.

    • by Anonymous Coward on Saturday February 27, 2010 @02:55PM (#31299106)
      Alice? Alice, is that you?

      We were using SSL over L2TP over WPA over IPsec. Who else have you been seeing?

      Bob
      • Re: (Score:2, Funny)

        by Anonymous Coward

        My services as a private investigator are available at a very reasonable price, should you wish them.

        Eve

      • Alice? Alice, is that you?

        We were using SSL over L2TP over WPA over IPsec. Who else have you been seeing?

        Bob

        You don't want to know.

        Trust me.

        Trent

  • Since I have an unnatural fear of vowels I'm waiting for a protocol whose acronym is constructed solely of consonants.
  • Very Limited (Score:4, Informative)

    by HazE_nMe ( 793041 ) on Saturday February 27, 2010 @03:06PM (#31299196) Homepage
    The router must be running Linux with WMM enabled.
    From TFA:

    As with the previous attack, a lot of stars have to be in alignment. The biggest requirement is that TKIP has to be the key type, not AES-CCMP. An attacker has to be proximate to sniff traffic and inject packets. The router has to be running Linux, like many Wi-Fi routers do. The router doesn't need to be compromised; there's a particular Wi-Fi packet sequence that's more predictable, and thus easier to use in the attack. Network QoS (802.11e/WMM) needs to be enabled as well.

    • Re: (Score:3, Interesting)

      by eggboard ( 315140 )

      That's not as limited as it sounds. There are perhaps hundreds of millions of routers running versions of embedded Linux, and WMM/802.11e may be enabled by default on many of those!

      • In fact you can bet that it’s enabled in every router that also allows you to connect a landline phone for VoIP. Which, I guess, is true for pretty much all of them.

    • Oh noes! Linux is h@xx0r3d!

      Sorry... just got off the roof...

  • TKIP and CCMP are both vulnerable to cracking still. People can go in, wait, deauth you, steal your 4-way handshake, and dump the file on a computer or cluster, and have your password quickly.

    How about ethernet? No? Well, make sure it's WPA2 Enterprise with a very long password, hidden, etc.
    • Re:TKIP and CCMP (Score:5, Interesting)

      by eggboard ( 315140 ) on Saturday February 27, 2010 @04:52PM (#31299900) Homepage

      That comment is halfway between troll and truth.

      That only works for short passwords using dictionary words and common alternatives--typically eight characters or fewer. Yes, you can get precomputed dictionaries for common SSIDs, and you can even use a new service to do some computation.

      However, move to 9 characters of random text (&fa^g_!80) and a unique SSID ("My little pony's network"), and all bets are off to computing the result in anything like a usable period of time.

      TKIP and AES-CCMP remain strong for long, strong passwords, long being 10 or more characters, but 12 to 20 is best.
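The reason a unique SSID defeats the precomputed dictionaries mentioned above is that WPA/WPA2-Personal derives the Pairwise Master Key with PBKDF2-HMAC-SHA1 using the SSID as the salt, so a table built for "linksys" says nothing about the same passphrase on another network. The following is an added illustration, not code from the thread or from Beck's paper; the SSIDs, wordlist and table-building helper are constructed for the demo.

```python
import hashlib

# IEEE 802.11i: PMK = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 iterations, 256 bits).
WPA_PBKDF2_ITERATIONS = 4096
PMK_LEN = 32


def wpa_psk(passphrase: str, ssid: str) -> bytes:
    """Return the 32-byte PMK for a passphrase/SSID pair (what wpa_passphrase prints)."""
    if not (8 <= len(passphrase) <= 63):
        raise ValueError("WPA passphrase must be 8..63 printable ASCII characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), WPA_PBKDF2_ITERATIONS, PMK_LEN)


def precomputed_table(ssid: str, wordlist) -> dict:
    """PMK -> passphrase table for ONE SSID: the kind of table sold for common SSIDs.
    Each entry costs 4096 HMAC-SHA1 rounds, which is exactly why it is precomputed."""
    return {wpa_psk(word, ssid): word for word in wordlist}


def lookup(table: dict, pmk: bytes):
    """Return the passphrase behind a PMK if (and only if) it is in the table."""
    return table.get(pmk)


# Constructed sample data for the demo (hypothetical SSIDs and wordlist).
COMMON_SSID = "linksys"
UNIQUE_SSID = "My little pony's network"
WORDLIST = ["password", "letmein1", "12345678", "&fa^g_!80"]


def demo():
    """Show that a table for a common SSID is useless against a unique SSID."""
    table = precomputed_table(COMMON_SSID, WORDLIST)
    # Weak passphrase on a network with the common SSID: instant table hit.
    hit = lookup(table, wpa_psk("letmein1", COMMON_SSID))
    # Same weak passphrase, unique SSID: different salt, so the table misses
    # and the attacker is back to 4096 iterations per guess for this network.
    miss = lookup(table, wpa_psk("letmein1", UNIQUE_SSID))
    return hit, miss


if __name__ == "__main__":
    print(demo())  # ('letmein1', None)
```

The passphrase itself never leaves the client; only this derived PMK feeds the 4-way handshake, which is why the handshake can be captured and still resist a guess-per-PBKDF2 attack when the passphrase is long and random.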

      • I jolly well hope so! It's a shame so many users still have WEP/WPA 10-digit hex passwords. To say nothing of default router and predictable passwords.
      • However, move to 9 characters of random text (&fa^g_!80) and a unique SSID ("My little pony's network"), and all bets are off to computing the result in anything like a usable period of time.

        TKIP and AES-CCMP remain strong for long, strong passwords, long being 10 or more characters, but 12 to 20 is best.

        Could someone please answer this? I find when I try to use WPA2 the connection is flaky for my 3yo laptop, whereas WPA provides me a very stable connection. If I use WPA-PSK with a 63 character pseudo random password, and a quirky SSID am I still vulnerable to these WPA TKIP weaknesses? Or does my big crypto strength password still keep me relatively "safe" from your average script kiddy? I don't understand if these exploits still rely on weak passwords?

        • Re: (Score:3, Informative)

          by eggboard ( 315140 )

          1. If you're having trouble with WPA2, it's an implementation issue. There's no reason that WPA2 shouldn't work as well or better than WPA. In some silicon, AES-CCMP encryption can work faster than TKIP. Check for firmware upgrades on adapters and APs.

          2. TKIP keys cannot be extracted by any known methods. Short TKIP and AES-CCMP passphrase-based keys are vulnerable to brute-force dictionary attacks, typically based on precomputed common SSIDs. A key of 10 or more characters is probably fine; 20 random char

    • TKIP and CCMP are both vulnerable to cracking still. People can go in, wait, deauth you, steal your 4-way handshake, and dump the file on a computer or cluster, and have your password quickly.

      That's only if your password is weak. You still need to use a dictionary attack in that scenario. It is still a good recommendation to move to WPA2 though because this article, like the one before it, shows some cracks starting to appear in TKIP.

  • by Anonymous Coward

    if you need really good security in your wireless, JUST LEAVE IT OPEN.
    And use a vpn of course ;)
    ipsec is widely supported, but openvpn is a good choice too.
    secure, encrypted, configurable, and with YEARS of testing behind!

  • Annoyingly, I can think of two devices that can't cope without TKIP under WPA2. The older Apple Airport Express and a Linksys wireless bridge.

    Without TKIP, these two devices have effectively become expensive (when they were purchased, at least) door stops. It's aggravating, because they both advertised support for WPA2-AES!
    • by paul248 ( 536459 )

      AES support is mandatory for WPA2 devices. If it doesn't support AES, it doesn't have WPA2.

  • SSID (Score:3, Interesting)

    by getNewNickName ( 980625 ) on Saturday February 27, 2010 @03:50PM (#31299534)
    Re: wi-fi security, what's to stop someone from creating a hotspot with the same SSID and just wait for the user to provide their credentials when they try to re-login? The average user will probably just go ahead and re-enter their password. No need for breaking any encryption, just a bit of social engineering.
    • Because the password is never sent during the 4-way handshake.

      • Because the password is never sent during the 4-way handshake.

        I'm not talking about stealing the password from an existing connection. More simply just using the same SSID and waiting for the user to accidentally connect to the rogue router. Most users will gladly re-enter their credentials again.

        • Re: (Score:3, Informative)

          by fluffy99 ( 870997 )

          Because the password is never sent during the 4-way handshake.

          I'm not talking about stealing the password from an existing connection. More simply just using the same SSID and waiting for the user to accidentally connect to the rogue router. Most users will gladly re-enter their credentials again.

          When a client connects to a WEP or WPA access point, there is a four-way challenge-response handshake:

          1. The client station sends an authentication request to the Access Point.
          2. The Access Point sends back a clear-text challenge.
          3. The client has to encrypt the challenge text using the configured WEP key, and send it back in another authentication request.
          4. The Access Point decrypts the material, and compares it with t

          • Haven't tried this stuff, but know that Windows will tell you when you reconfigure a network to use different encryption. It then rejects your login until you go to a very specific connection wizard and tell it to the correct new type.
