WPA alleged to be crackable in less than 15 minutes
At next week's PacSec 2008 security conference in Tokyo, German security specialist Erik Tews will give a presentation on how to snoop on the traffic of WPA-protected Wi-Fi networks within just 15 minutes. The talk's title is "Gone in 900 Seconds: Some Crypto Issues with WPA". According to US media reports, Tews and his co-researcher Martin Beck can use the same attack method to inject false data into the traffic between a router and a notebook PC. The precise method has not yet been made public.
Little is known of the attack at the moment, although he plans to publish a details in an academic journal. According to US media coverage, it appears not to be a full crack – the researchers have said that they do not need to crack the TKIP encryption used by WPA, and that it is not a dictionary attack. They admit that they need a large sample of data from the router, but claim that they use some novel mathematics to drastically reduce the time that a conventional brute-force attack would take.
Tews' co-worker Beck is the co-developer of wirless packet-sniffer and WEP-cracking tool aircrack-ng. To crack WEP (Wired Equivalent Privacy) rapidly, the router is subjected to replay attacks that make it disgorge large quantities of data. Similarly, the WPA attack employs a "new trick" in order to make a router working with WPA send large quantities of data, allowing the attack to yield results in 12-15 minutes. It is reported that parts of the code have already been secretly incorporated into the aircrack-ng tool.
The more recent WPA2 encryption scheme is not vulnerable to the same attack, because it uses AES (the Advanced Encryption Standard). WPA uses TKIP which, like WEP, uses the RC4 algorithm but changes the key for every packet. The ingredients employed include the Pairwise Transient Key (derived from the Pairwise Master Key), the MAC (Media Access Control) address of the sender, and the serial number of the packet, all of these being blended into a key by a hash function.
If WPA now has to be regarded as cracked, users can of course turn to WPA2. The trouble is that such switches can take a very long time – the changeover from WEP to WPA took years. ElcomSoft, a Russian computer software company, caused concern when it announced in mid-October that the pre-shared key (PSK) used for authentication could be recovered relatively quickly by means of Nvidia graphics cards operating in parallel.
For further details see:
- Security experts reveal details of WPA hack on heise Security