New attack cracks WPA Wi-Fi encryption in just a minute

Airbot

----------------------
VIP
SF Team
Local time
1:17 AM
Messages
18,396
Encryption systems used by wireless routers have had a long history of security problems. The Wired Equivalent Privacy (WEP) system was cracked and rendered effectively pointless within a few years of its introduction in 1997. Now, it looks like its WPA successor may soon suffer the same fate, with a pair of Japanese researchers developing a way to break it in just one minute.
more..
 

My Computer My Computer

At a glance

Windows 7 Ultimate x64 SP1Core i7 920 (D0) @ 4Ghz, *26c idle *65c full ...12GB DDR3 Corsair Dominator -CMD12GX3M6A1600C...Zotac Geforce GTX 770
Computer type
PC/Desktop
Computer Manufacturer/Model Number
Airbot 2.0
OS
Windows 7 Ultimate x64 SP1
CPU
Core i7 920 (D0) @ 4Ghz, *26c idle *65c full load on air
Motherboard
Asus P6X58D Premium - Sata 6Gb/s - USB 3.0
Memory
12GB DDR3 Corsair Dominator -CMD12GX3M6A1600C8 at 1600MHz
Graphics Card(s)
Zotac Geforce GTX 770
Sound Card
ASUS Xonar D2X
Monitor(s) Displays
1 LG 24" Flatron W2453V-PF 1 Samsung 24" P2450H both 2ms RT
Screen Resolution
1920x1080@60hz
Hard Drives
1 Samsung 250GB 840 Evo SSD
1 OCZ Vertex2 180GB SSD
1 TB Samsung Spinpoint F1 7200RPM 32MB cache
2 500GB WD Caviar Blacks 7200RPM 32MB cache (WD5001AALS)

Pioneer DVD Burner DVR-S18M
PSU
Corsair HX1000W
Case
Cooler Master HAF 932
Cooling
Case Fans *3 230mm, *1 140mm/CPU - *Tuniq Tower 120 Extreme
Keyboard
Logitech Wireless MK700
Mouse
Logitech Wireless MK700
Internet Speed
DL 15 Mbps UL 0.98 Mbps
Antivirus
None
Browser
Firefox Nightly
Other Info
Processor-7.7 *RAM- 7.9 *Graphics-7.9 *Gaming Graphics- 7.9 *SSD- 7.8 W.E.I final score= 7.7
*Phone- LG Nexus 5
Aaron Nice post. You think they will ever make wifi encryption bulletproof?
 

My Computer My Computer

At a glance

Win 8 Release candidate 8400[email protected]4 gigsNvidia 9600M
Computer Manufacturer/Model Number
HP Pavillion dv-7 1005 Tx
OS
Win 8 Release candidate 8400
CPU
[email protected]
Memory
4 gigs
Graphics Card(s)
Nvidia 9600M
Sound Card
HD built-in
Monitor(s) Displays
17" Wxga
Screen Resolution
1440x900
Cooling
none
Internet Speed
45Mb down 5Mb up
More reason for wireless users to upgrade their security to WPA-2 if their devices support it.
 

My Computer My Computer

At a glance

Windows 8.1 Pro RTM x64Intel Core-i5-3570K 4-core @ 3.4GHz (Ivy Brid...4 x 4GB DDR3-1600 Corsair Vengeance CMZ8GX3M2...MSI GeForce GTX770 Gaming OC 2GB
Computer type
PC/Desktop
Computer Manufacturer/Model Number
Dwarf Dwf/11/2012 r09/2013
OS
Windows 8.1 Pro RTM x64
CPU
Intel Core-i5-3570K 4-core @ 3.4GHz (Ivy Bridge) (OC 4.4GHz)
Motherboard
ASRock Z77 Extreme4-M
Memory
4 x 4GB DDR3-1600 Corsair Vengeance CMZ8GX3M2A1600C9B (16GB)
Graphics Card(s)
MSI GeForce GTX770 Gaming OC 2GB
Sound Card
Realtek High Definition on board solution (ALC 898)
Monitor(s) Displays
ViewSonic VA1912w Widescreen (VGA)
Screen Resolution
1440x900
Hard Drives
OCZ Agility 3 SSD 120GB SATA III x2 (RAID 0)
Samsung HD501LJ 500GB SATA II x2
Hitachi HDS721010CLA332 1TB SATA II
Iomega 1.5TB Ext USB 2.0
WD 2.0TB Ext USB 3.0
PSU
XFX Pro Series 850W Semi-Modular
Case
Gigabyte IF233
Cooling
1 x 120mm Front Inlet 1 x 120mm Rear Exhaust
Keyboard
Microsoft Comfort Curve Keyboard 3000 (USB)
Mouse
Microsoft Comfort Mouse 3000 for Business (USB)
Internet Speed
NetGear DG834Gv3 ADSL Modem/Router (Ethernet) ~4.0 Mb/s (O2)
Antivirus
Avast! 8.0.1497
Browser
IE 11
Other Info
Optical Drive: HL-DT-ST BD-RE BH10LS30 SATA Bluray
Lexmark S305 Printer/Scanner/Copier (USB)
WEI Score: 8.1/8.1/8.5/8.5/8.25
Asus Eee PC 1011PX Netbook (Windows 7 x86 Starter)
No encryption will be full proof for ever.
Development eventually catches up with it.

By the time the Japanese finished their crack,
we will all switch to WPA3 and off we go again buying new routers. :D

By the way:
NSA have a supercomputer that cracks all known internet encryptions used to date in a matter of seconds, to a maximum of 15 minutes.
They screen all internet traffic around the globe 24hrs a day.

.
.
 

My Computer My Computer

At a glance

Win7 Build 7600 x86Pentium II 300MHz32mb EDO RAMDiamond Viper
OS
Win7 Build 7600 x86
CPU
Pentium II 300MHz
Motherboard
Asus
Memory
32mb EDO RAM
Graphics Card(s)
Diamond Viper
Sound Card
Soundblaster 16
Monitor(s) Displays
14" AOC CRT 16K color
Screen Resolution
800x600
Hard Drives
300mb Quantum fireball
PSU
110 Watts
Cooling
Passive
Keyboard
Trust Ergonomic
Mouse
Generic
Internet Speed
256K u 128K d
Upgraded BT HomeHub2 to WPA2, thanks for the heads up airbot :D
 

My Computer My Computer

At a glance

Windows 7 Ultimate x64AMD Turion(tm) 64 X2 Mobile Technology TL-563GB Nanya PC2-6400 DDR2-SDRAM SO-DIM (400MHz)NVIDIA GeForce Go 7600 256MB GDDR3 SDRAM
Computer Manufacturer/Model Number
HP Touchsmart IQ771.uk
OS
Windows 7 Ultimate x64
CPU
AMD Turion(tm) 64 X2 Mobile Technology TL-56
Motherboard
ASUS Pheonix
Memory
3GB Nanya PC2-6400 DDR2-SDRAM SO-DIM (400MHz)
Graphics Card(s)
NVIDIA GeForce Go 7600 256MB GDDR3 SDRAM
Sound Card
High Definition Intergrated NVIDIA MCP51
Monitor(s) Displays
46" Sony Bravia HDTV
Screen Resolution
1600x1200
Hard Drives
1.5TB Samsug
320GB Seagate ST3320820AS - SATA 3Gb/s 8MB
500GB Maxtor Basics STM305003EHD301-RK
Internet Speed
↓6.32 Mb/s ↑0.35 Mb/s ↔26ms
Other Info
BIOS - American Megatrends Inc. 5.07
Ethernet Port - NVIDIA nForce 10/100/1000 Mbps
DVD Drive - TSSTcorp DVDR/RW TS-T632L
The attack builds on the so-called "Becks-Tews method"

This may be Tews. I knew he's doing something!

 

My Computer My Computer

At a glance

Windows 7 Professional x64QuadCore AMD Phenom II X4 Black Edition 955 3...8 GB Crucial DDR3SAPPHIRE Radeon HD 4890 1GB HDMI New Edition
Computer Manufacturer/Model Number
MasterB/Custom
OS
Windows 7 Professional x64
CPU
QuadCore AMD Phenom II X4 Black Edition 955 3.2 GHz
Motherboard
Asus M4A785TD-V Evo
Memory
8 GB Crucial DDR3
Graphics Card(s)
SAPPHIRE Radeon HD 4890 1GB HDMI New Edition
Sound Card
VIA VT1708S HD Audio 7.1 onboard/ ATI HDMI video card
Monitor(s) Displays
Acer H233H 23'' LCD HDMI
Screen Resolution
1920x1080
Hard Drives
1x 500GB and 1x 1TB 7200RPM 32MB Cache WD Caviar Black
PSU
CORSAIR CMPSU-620HX 620W
Case
COOLER MASTER Storm Scout SGC-2000
Cooling
2x 140mm and 1x 120mm case fans, Stock CPU fan
Keyboard
Logitech MX 3200
Mouse
Logitech MX 3200
Internet Speed
15 Mbps
Other Info
My first build!
Aaron Nice post. You think they will ever make wifi encryption bulletproof?
No, a coworker once said, "if it's made by man, it can be broken by man". I do think that it holds true.
 

My Computer My Computer

At a glance

Windows 7 Ultimate x64Intel Q9550 2.83Ghz OC'd to 3.40Ghz8GB G.Skill PI DDR2-800, 4-4-4-12 timingsEVGA 1280MB Nvidia GeForce GTX570
Computer Manufacturer/Model Number
Self-Built in July 2009
OS
Windows 7 Ultimate x64
CPU
Intel Q9550 2.83Ghz OC'd to 3.40Ghz
Motherboard
Gigabyte GA-EP45-UD3R rev. 1.1, F12 BIOS
Memory
8GB G.Skill PI DDR2-800, 4-4-4-12 timings
Graphics Card(s)
EVGA 1280MB Nvidia GeForce GTX570
Sound Card
Realtek ALC899A 8 channel onboard audio
Monitor(s) Displays
23" Acer x233H
Screen Resolution
1920x1080
Hard Drives
Intel X25-M 80GB Gen 2 SSD
Western Digital 1TB Caviar Black, 32MB cache. WD1001FALS
PSU
Corsair 620HX modular
Case
Antec P182
Cooling
stock
Keyboard
ABS M1 Mechanical
Mouse
Logitech G9 Laser Mouse
Internet Speed
15/2 cable modem
Other Info
Windows and Linux enthusiast. Logitech G35 Headset.

My Computer My Computer

At a glance

Windows 7 Ultimate, OS X 10.7, Ubuntu 11.04Intel E6750 @ 3.80GHz2x2GB & 2x1GB (6GB) OCZ Reaper 1066MHz @ 1080MHzEVGA nVidia GTX 260 896mb (216 Core) FTW Edition
Computer Manufacturer/Model Number
Custom | Whitebox
OS
Windows 7 Ultimate, OS X 10.7, Ubuntu 11.04
CPU
Intel E6750 @ 3.80GHz
Motherboard
Gigabyte GA-EP45-UD3L (Revision 1.1)
Memory
2x2GB & 2x1GB (6GB) OCZ Reaper 1066MHz @ 1080MHz
Graphics Card(s)
EVGA nVidia GTX 260 896mb (216 Core) FTW Edition
Sound Card
Realtek ALC888
Monitor(s) Displays
21" VIZIO TV
Screen Resolution
1680x1050 @ 60Hz
Hard Drives
Western Digital WD6401AALS - 640GB
Hitachi HDP725016GLA380 - 160GB
PSU
Corsair 750W
Case
NZXT Nemesis Elite
Cooling
Thermaltake SpinQ
Keyboard
Logitech Wireless S520
Mouse
Logitech Wireless S520 - Microsoft Wireless Arc Mouse
Internet Speed
Download: 20mbps, Upload: 3mbps
Both attacks work on WPA systems that use the Temporal Key Integrity Protocol (TKIP) algorithm. They aren't key-recovery attacks
Some implementations of WPA supports AES too (I'm not referring to WPA2). So no, I wouldn't say WPA is cracked. It makes more sense to say TKIP is cracked, but even this is not really the case (broken maybe, but not cracked).
 

My Computer My Computer

At a glance

XP, Seven, 2008R2AMD, Intel, VIACorsair, Kingston, etc.ATI, NVIDIA
Computer Manufacturer/Model Number
Too many to list.
OS
XP, Seven, 2008R2
CPU
AMD, Intel, VIA
Motherboard
Various
Memory
Corsair, Kingston, etc.
Graphics Card(s)
ATI, NVIDIA
Monitor(s) Displays
Samsung
Hard Drives
Maxtor, Western Digital
Keyboard
qwerty
Internet Speed
22 Mb/s @ home, 1 Gb/s @ server
Other Info
All of my systems still run fastest on XP 32-bit for the most part. Win7 is fun to play with, but I still prefer XP for raw speed, security, and functionality.
Aaron Nice post. You think they will ever make wifi encryption bulletproof?
I try to take a 'reasonable' approach to 'security'. Take my house for example, (please DON'T take my house!). If I wanted a completely secure, break-in proof house, there would be no openings large enough for anyone to enter, no doors or windows, all solid. But then even I could not get in or out, so what would be the point? Yes, I lock my doors at night before going to bed, but any strong person could kick the door frame right off the wall. After all, there is only a little striker plate and two screws securing the door to the wall. The glass windows break easily. So why lock doors and windows? If you make it hard enough (although not impossible) for someone to break-in, they will go somewhere else, where it is easier. And with computers, there is a huge supply of easy targets. So I try not to stress over security, but I do lock the doors.

Robert
 

My Computer My Computer

At a glance

...
OS
...
I try to take a 'reasonable' approach to 'security'. Take my house for example, (please DON'T take my house!). If I wanted a completely secure, break-in proof house, there would be no openings large enough for anyone to enter, no doors or windows, all solid. But then even I could not get in or out, so what would be the point? Yes, I lock my doors at night before going to bed, but any strong person could kick the door frame right off the wall. After all, there is only a little striker plate and two screws securing the door to the wall. The glass windows break easily. So why lock doors and windows? If you make it hard enough (although not impossible) for someone to break-in, they will go somewhere else, where it is easier. And with computers, there is a huge supply of easy targets. So I try not to stress over security, but I do lock the doors.

Robert

+1 agree with you 100%. Paranoia is the worst prison cell of all.

For home use, WPA or WPA2 + strong password, + mac filter + no broadcast, should keep them busy for a while. And then what? They can use my internet connection.
Still some work to do, to get into my router (providing I changed the admin/admin default).
And then get past my windows security (providing I set that up right).

At the end of the day the reward is what? My family pictures? My letter to the IRS asking them if I can pay a little later? The free use of my printer?
They would still have to get into my house to pick up their printouts. :D:D:D


For corporations it's a different ballgame, but getting into their servers should be tenfold more challenging.

.
 

My Computer My Computer

At a glance

Win7 Build 7600 x86Pentium II 300MHz32mb EDO RAMDiamond Viper
OS
Win7 Build 7600 x86
CPU
Pentium II 300MHz
Motherboard
Asus
Memory
32mb EDO RAM
Graphics Card(s)
Diamond Viper
Sound Card
Soundblaster 16
Monitor(s) Displays
14" AOC CRT 16K color
Screen Resolution
800x600
Hard Drives
300mb Quantum fireball
PSU
110 Watts
Cooling
Passive
Keyboard
Trust Ergonomic
Mouse
Generic
Internet Speed
256K u 128K d
+1 agree with you 100%. Paranoia is the worst prison cell of all.

For home use, WPA or WPA2 + strong password, + mac filter + no broadcast, should keep them busy for a while. And then what? They can use my internet connection.
Still some work to do, to get into my router (providing I changed the admin/admin default).
And then get past my windows security (providing I set that up right).

At the end of the day the reward is what? My family pictures? My letter to the IRS asking them if I can pay a little later? The free use of my printer?
They would still have to get into my house to pick up their printouts. :D:D:D
Funny, but how true:

:roflmao::roflmao::roflmao:
 

My Computer My Computer

At a glance

...
OS
...
The problem isn't print jobs. It is credit card numbers, et cetera.

I wish. Maybe they could pay the 3000 debt I have on it.

:roflmao:
 

My Computer My Computer

At a glance

Win7 Build 7600 x86Pentium II 300MHz32mb EDO RAMDiamond Viper
OS
Win7 Build 7600 x86
CPU
Pentium II 300MHz
Motherboard
Asus
Memory
32mb EDO RAM
Graphics Card(s)
Diamond Viper
Sound Card
Soundblaster 16
Monitor(s) Displays
14" AOC CRT 16K color
Screen Resolution
800x600
Hard Drives
300mb Quantum fireball
PSU
110 Watts
Cooling
Passive
Keyboard
Trust Ergonomic
Mouse
Generic
Internet Speed
256K u 128K d
Well, not the whole 3k, but I will post this month's payment. You have me feeling guilty. :sarc:

I was wondering, are creditcards in the USA also insured?

A few years back somebody in Paris (France) was ordering stuff on my Visa card. About 4000 euros worth.

I called Visa and I didn't have to pay a dime.

.
 

My Computer My Computer

At a glance

Win7 Build 7600 x86Pentium II 300MHz32mb EDO RAMDiamond Viper
OS
Win7 Build 7600 x86
CPU
Pentium II 300MHz
Motherboard
Asus
Memory
32mb EDO RAM
Graphics Card(s)
Diamond Viper
Sound Card
Soundblaster 16
Monitor(s) Displays
14" AOC CRT 16K color
Screen Resolution
800x600
Hard Drives
300mb Quantum fireball
PSU
110 Watts
Cooling
Passive
Keyboard
Trust Ergonomic
Mouse
Generic
Internet Speed
256K u 128K d
I was wondering, are creditcards in the USA also insured?

A few years back somebody in Paris (France) was ordering stuff on my Visa card. About 4000 euros worth.

I called Visa and I didn't have to pay a dime.

.
Insured is not the right word. My beautiful wife was the victim of credit card fraud/identity theft before we were married. I could prove the fraud in two cases. One account balance was zeroed out - and later the credit account was withdrawn. The other bank demanded payment in full in spite of the proof - because she had made four payments on the debt.

The credit card companies guarantee payment to the merchant - merchants would not accept the cards otherwise. Most credit agreements waive liability to the cardholder under specific circumstances. Solvency of the credit card company is paramount in America. Consumers are at the mercy of the wind.
 
Insured is not the right word.
One would have to read and be able to understand the credit card agreement one agrees to when accepting and using the card to know just what rights you have. Generally, you have a limited time to identify and notify of fraudulent charges to ones credit card or bank account in order to be absolved of the charges. One must be diligent in reviewing credit card and bank statements monthly and in the USA one can receive three free credit reports per year, allowing one to do a review of one's credit history every four months.

Personally, I NEVER use a "Debit Card" because the funds can be stolen from my checking account and cause a boatload of headaches. At least with a credit card, I have 30 days to identify fraudulent charges before I have to make a payment on the card.

Although there are other ways to steal one's financial info, keeping "hackers" and thieves out of my computer and away from my credit card numbers and passwords is not that difficult. A little bit of software and a lot of common sense usually do it.

Robert
 

My Computer My Computer

At a glance

...
OS
...
Insured is not the right word. My beautiful wife was the victim of credit card fraud/identity theft before we were married. I could prove the fraud in two cases. One account balance was zeroed out - and later the credit account was withdrawn. The other bank demanded payment in full in spite of the proof - because she had made four payments on the debt.

The credit card companies guarantee payment to the merchant - merchants would not accept the cards otherwise. Most credit agreements waive liability to the cardholder under specific circumstances. Solvency of the credit card company is paramount in America. Consumers are at the mercy of the wind.

In most European countries the consumer is protected against credit card fraud.

The European court ruled that the banks are responsible because credit card security is a joke.
The banks are well aware of it, nevertheless they chose not to upgrade security because it would cost them a lot more than the losses they suffer from fraud.

I read somewhere that most of the defrauders are caught because they are so stupid to have the ordered goods delivered at their home residence. :D

edit: the French dude who misused my card was one of them, according to Visa. :D
 

My Computer My Computer

At a glance

Win7 Build 7600 x86Pentium II 300MHz32mb EDO RAMDiamond Viper
OS
Win7 Build 7600 x86
CPU
Pentium II 300MHz
Motherboard
Asus
Memory
32mb EDO RAM
Graphics Card(s)
Diamond Viper
Sound Card
Soundblaster 16
Monitor(s) Displays
14" AOC CRT 16K color
Screen Resolution
800x600
Hard Drives
300mb Quantum fireball
PSU
110 Watts
Cooling
Passive
Keyboard
Trust Ergonomic
Mouse
Generic
Internet Speed
256K u 128K d
...Although there are other ways to steal one's financial info, keeping "hackers" and thieves out of my computer and away from my credit card numbers and passwords is not that difficult. A little bit of software and a lot of common sense usually do it.

Robert
Yes, TJX and Home Depot, et al, probably did not ******** common sense.
 
Back
Top