Wi-Fi's WPA: cracked in 60 seconds
Wi-Fi just got a little less secure – though not by as much as some headlines might lead you to believe.
Two computer scientists in Japan say they’ve figured out a way to crack the WPA (Wi-Fi Protected Access) encryption system in wireless routers in under a minute.
Details are scarce, but the attack, developed by Toshihiro Ohigashi of Hiroshima University and Masakatu Morii of Kobe University, builds off a theoretical attack against WPA revealed in November 2008.
That attack turned out to be ... well, not as huge a deal as it may have sounded. Ars Technica has a good explanation, but in essence the attack was of limited use and didn’t crack the Temporal Key Integrity Protocol (TKIP), which means it didn’t allow the hacker to recover the keys used to generate the keystream. So while the attack could be used for something like DNS poisoning or spoofing, it didn’t let hackers take over a router or intercept the traffic running through it.
The November 2008 attack also took about 15 minutes. The new hack claims to be a more practical approach that shortens the attack to less than one minute by adding a physical element – namely, a relay between the client and the AP. Otherwise, it’s essentially the same hack, but faster.
Should you worry? Not as far as I can tell. Sysadmins can render both attacks useless by either using really long network keys or by simply upgrading their router encryption – if they haven’t already – from WPA (which uses TKIP) to WPA2 (which supports AES-CCMP).
Not that people aren’t working on theoretical attacks on AES. We’ve seen several papers already this year proposing theoretical AES attacks. But switching to AES should keep your Wi-Fi network safe. For now.