12 December 2017
Cedric Pariente

IT and Market Finance

Cedric Pariente - EFFI Consultants

23Posts 139,749Views 45Comments
Finextra community

Transaction Fraud Systems and Analysis

A community for discussion of Transaction Fraud systems and anlaytical techniques for bank card and financial services organisations.

How to Crack WiFi Encryption in 1 Minute

28 August 2009  |  6819 views  |  0

Computer scientists in Japan say they've developed a way to break the WPA encryption system used in wireless routers in about one minute.

How do they do?

The attack gives hackers a way to read encrypted traffic sent between computers and certain types of routers that use the WPA (Wi-Fi Protected Access) encryption system. The attack was developed by Toshihiro Ohigashi of Hiroshima University and Masakatu Morii of Kobe University, who plan to discuss further details at a technical conference set for Sept. 25 in Hiroshima.

Improvement Compared to Basic WPA Crack?

Last November, security researchers first showed how WPA could be broken, but the Japanese researchers have taken the attack to a new level, according to Dragos Ruiu, organizer of the PacSec security conference where the first WPA hack was demonstrated. "They took this stuff which was fairly theoretical and they've made it much more practical," he said.

The earlier attack, developed by researchers Martin Beck and Erik Tews, worked on a smaller range of WPA devices and took between 12 and 15 minutes to work. Both attacks work only on WPA systems that use the Temporal Key Integrity Protocol (TKIP) algorithm. They do not work on newer WPA 2 devices or on WPA systems that use the stronger Advanced Encryption Standard (AES) algorithm.

The encryption systems used by wireless routers have a long history of security problems. The Wired Equivalent Privacy (WEP) system, introduced in 1997, was cracked just a few years later and is now considered to be completely insecure by security experts.

WPA with TKIP "was developed as kind of an interim encryption method as Wi-Fi security was evolving several years ago," said Kelly Davis-Felner, marketing director with the Wi-Fi Alliance, the industry group that certifies Wi-Fi devices. People should now use WPA 2, she said.

Are We Secure?

Wi-Fi-certified products have had to support WPA 2 since March 2006. "There's certainly a decent amount of WPA with TKIP out in the installed base today, but a better alternative has been out for a long time," Davis-Felner said.

Enterprise Wi-Fi networks typically include security software that would detect the type of man-in-the-middle attack described by the Japanese researchers, said Robert Graham, CEO of Errata Security. But the development of the first really practical attack against WPA should give people a reason to dump WPA with TKIP, he said. "It's not as bad as WEP, but it's also certainly bad."

How to Solve the Problem?

Users can change from TKIP to AES encryption using the administrative interface on many WPA routers.

TagsSecurity

Comments: (0)

Comment on this story (membership required)

Latest posts from Cedric

Home Equity Loan and Home Equity Line Of Credit

12 February 2010  |  4394 views  |  0 comments | recomends Recommends 0 TagsRisk & regulationGroupOnline Banking

How to Crack WiFi Network - Video Tutorial

30 January 2010  |  8824 views  |  0 comments | recomends Recommends 0 TagsSecurityGroupOnline Banking

Credit Without a Purpose is Dangerous!

26 January 2010  |  5307 views  |  1 comments | recomends Recommends 0 TagsCardsGroupOnline Banking

Social Suicide 2.0

05 January 2010  |  4826 views  |  1 comments | recomends Recommends 0 TagsSecurityGroupOnline Banking

MC2009

25 December 2009  |  6808 views  |  0 comments | recomends Recommends 0 TagsCardsGroupOnline Banking

Cedric's profile

job title Stanford Certified Project Manager
location Paris
member since 2009
Summary profile See full profile »
I'm Cedric Pariente, a Stanford Certified Project Manager, working in IT & Market Finance.

Cedric's expertise

Member since 2008
23 posts45 comments
What Cedric reads
Think Tank
Cedric's blog archive
2010 (4)2009 (19)

Who's commenting on Cedric's posts