The now widely used Wi-Fi Protected Access (WPA) standard is apparently not as protected as router makers had hoped. According to a new study, the PIN codes used to lock down the system can be brute forced on many devices by inputting incorrect PIN codes. Millions of routers and access points could be affected.
Summary: You know that easy to setup Wi-Fi access point or router of yours? It turns out that the easy to setup part is also easy to hack: Really easy to hack.
December 28, 2011 at 3:19pm
I actually just clicked the link, and you have the wrong terminology. You are confusing Wi-Fi Protected Access with Wi-Fi Protected Setup, the two are totally different.
Computer Type: PC/Desktop System Manufacturer/Model Number: Custom Build OS: Windows 10 Pro - 64 bit CPU: Intel i7 2600K Motherboard: Asus P8P67 Memory: 8 Gig ddr3 1600 mhz - viper extreme (Patriot) Graphics Card: EVGA 980 TI Monitor(s) Displays: 2 - Lg 21" LED , sony 48 " bravia LED Mouse: logitech wireless PSU: 1000 Watt Coolmaster : Silent Pro Gold Case: antec 1200 Cooling: watercooled Hard Drives: one - samsung 840 series 465.76 GB SSD
two - wd 2 tB black
one - wd 1.5 tb black
one - wb 1 tb black Antivirus: Norton Security 2015 Other Info: powerware 3.1 KVA FERRUPS with 4 - 1000 Amp Deep cycle batteries ...
I remember a Japanese guy saying well over a year ago that he would be able to crack WAP protection within two minutes using cracking software he'd developed on the very same principles, I'm sure it was published on El-Reg's website at the time...
December 28, 2011 at 3:19pm
I actually just clicked the link, and you have the wrong terminology. You are confusing Wi-Fi Protected Access with Wi-Fi Protected Setup, the two are totally different.
I think that error has been fixed.
Since my wireless networking classes, I've always thought that the WPS (Easy Setup) was a disaster waiting to happen.
WPA-TKIP (Encryption) has been broken by at least two different groups of researchers (and a "blogger").
Another dozen used WPA (Wi-Fi Protected Access), with the built-in Temporal Key Integrity Protocol (TKIP) security protocol. There, I used a rainbow table, a list of the most common WPA passwords, to pop open APs almost as quickly as I could open up a coke bottle. I also managed to pry open a pair of routers using WPA2 (Wi-Fi Protected Access 2) with TKIP using rainbow table.
So is AES still decent, or has it been broken too/
Currently AES is "still standing".
Who knows for how long though.
If you really want to secure a Wi-Fi network in 2010 you must use WPA2 with Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP), aka Advanced Encryption Standard (AES).
I'm a little confoosed... what I'm seeing in the news concerns the weakness of the WPS PIN for assigning a security key across wireless devices from a router which is WPS equipped.
Many months ago there were claims of WEP security being crackable.
Most of us know to use stronger methods of encryption.
The present issue appears to relate uniquely to WPS and the PIN number generated as being vulnerable.
Quote