November 6th, 2008

No longer safe: WPA encryption cracked in 12 to 15 minutes

Posted by Andrew Nusca @ 8:44 am

Categories: Wi-Fi

Tags: WPA, Encryption, Erik Tews, Wi-Fi, Network Security, Wireless, Networking, Andrew Nusca

It was only a matter of time.

Sure, we can all expect that some hacker with enough time and processing power would eventually crack a WPA-protected wireless network to decrypt someone’s precious data.

But in 15 minutes?

Yes sir, according to Wi-Fi wizard Erik Tews, who is expected to give a presentation next week at the PacSec Conference in Tokyo describing his “mathematical breakthrough” that he says enables him to crack WPA-TKIP in just 12 to 15 minutes.

PC World has the scoop:

The work of Tews and Beck does not involve a dictionary attack, however.

To pull off their trick, the researchers first discovered a way to trick a WPA router into sending them large amounts of data. This makes cracking the key easier, but this technique is also combined with a “mathematical breakthrough,” that lets them crack WPA much more quickly than any previous attempt, Ruiu said.

Tews is planning to publish the cryptographic work in an academic journal in the coming months, Ruiu said. Some of the code used in the attack was quietly added to Beck’s Aircrack-ng Wi-Fi encryption hacking tool two weeks ago, he added.

Uh oh.

Of course, there are limitations: Apparently, the data sent from a connected device to the compromised router is still safe. But anything headed down the information highway in the opposite direction? Wide open.

So who is this Tews guy, anyway? He’s the guy who cracked WEP in under a minute last year (and, in a bit of irony, advised people to switch to WPA as a result). The answer, for now, is to switch to WPA2.

For now.