The methodology appears to be as naive as a brute force attack against the Pre-Shared Key (PSK):
"At the beginning, the area was scanned-sniffed with ‘Airodump’ and then a deauthentication attack was made with ‘Aireplay’," according to the paper. "Through that, an instance of the PSK was caught. Finally, ‘Aircrack’ was attempting to reveal the secret password by using the instance of the PSK and matching it with every record of the dictionary. For these experiments we used a very big dictionary that consisted of 666,696 standard printable ASCII character records of various lengths. ‘Airodump’ and ‘Aireplay’ are commands of the ‘Aircrack’ suite, responsible for sniffing and deauthentication respectively."
Exactly. We've known that WPA2-PSK was vulnerable to dictionary attacks since before it was even popular. Also, a ~700k password dictionary is not what I would describe as "very big". This still won't crack my wireless, nor many of the wireless networks I've used that have relatively easily predictable passwords.
Am I the only one who thinks that this post is not relevant to HN as it serves just as an advertisement for buying the paper, without providing any meaningful content?
This isn't clear about "how" cracked it is. If it is going to take an attacker a year of CPU time, I'm not going to be too bothered. If it could conceivably run in a few minutes on a mobile phone then it's much more of a problem.
That's right, not enough information. But, however your attitude might be the right one, I'm a little bothered already, because I didn't expect that to happen so soon.
In fact, even the idea of "year of CPU time" doesn't sooth me much, because while most of your traffic might be "quickly-expiring" it's definitely not true for all of your traffic, and what's possible to do with a year of CPU time will be possible to do comparatively cheap very soon. And I guess we all remember stuff like Google collecting some wi-fi traffic anyway.
So, it sounds somewhat scary to me. We don't even have anything better than WPA2 now, do we?
However, it is the de-authentication step in the wireless setup that represents a much more accessible entry point for an intruder with the appropriate hacking tools. As part of their purported security protocols routers using WPA2 must reconnect and re-authenticate devices periodically and share a new key each time. The team points out that the de-authentication step essentially leaves a backdoor unlocked albeit temporarily. Temporarily is long enough for a fast-wireless scanner and a determined intruder. They also point out that while restricting network access to specific devices with a given identifier, their media access control address (MAC address), these can be spoofed.
That doesn't sound like something that would take a year of CPU time, but since no one seems to have actually read and analyzed the paper yet, who knows.
Just to put this in some context, if we're talking about 1 core-year (I hope this unit becomes popular) what it really means is just over 500$ will give you the same result in one year / possible parallelisation. If the process ends with brute-forcing independent branches to look for an answer, that may be effectively an hour or less for each case. Not much of protection really...
(the mobile phone could talk to the cloud but a year is still expensive)
i wonder how quickly you could solve that problem, cracking the wpa2 key, if you had $$$ resources to scale up. could it be usable? would make for a great android app :) i'd buy it!
It looks like they just de-authenticated a client and then performed a dictionary attack:
"At the beginning, the area was scanned-sniffed with ‘Airodump’ and then a deauthentication attack was made with ‘Aireplay’," according to the paper. "Through that, an instance of the PSK was caught. Finally, ‘Aircrack’ was attempting to reveal the secret password by using the instance of the PSK and matching it with every record of the dictionary. For these experiments we used a very big dictionary that consisted of 666,696 standard printable ASCII character records of various lengths. ‘Airodump’ and ‘Aireplay’ are commands of the ‘Aircrack’ suite, responsible for sniffing and deauthentication respectively." [1]
I like the way securityweek portrays their findings a lot more than the paper states. "cypher/system cracked" carries very specific meaning the the security community, meaning that a specific mechanism has been broken. SW sounds more like an advisory, warning to make sure your keys are strong. Kudos to them.
As other pointed out, there is just not enough information available. Hopefully soon somebody can make the paper available to the rest of us?
What bothers me most however is what the authors seem to recommend as additional security measures (per http://www.securityweek.com/researchers-outline-how-crack-wp...): MAC ACLs and Hidden SSIDs. I don't think I need to point out here how ridiculous these 'security' measures are, especially in light of the nature of the alleged weakness and how one would need to exploit it.
That doesn't really lend a lot of credibility to the paper's / this link's title.
Also, it looks like that without rainbow tables, the PSK cannot be cracked in a meaningful timespan? They compared the 'captured' hash (?) against a dictionary to determine their success, but again, I might be extrapolating too much from too little information.
I'm sure we'll see an analysis written up by Securosis or someone along those lines soon. I'm tempted to buy it myself, but given the synopsis, I'm a little skeptical.
"The researchers have now shown that a brute force attack on the WPA2 password is possible and that it can be exploited, although the time taken to break into a system rises with longer and longer passwords."
A brute force attack is possible on any symmetric encryption system. Difficulty is increased with the size of the keyspace. These are truisms. No offence to the authors, but this isn't really a discovery, unless they've discovered a way to reduce the key space.
"As part of their purported security protocols routers using WPA2 must reconnect and re-authenticate devices periodically and share a new key each time. The team points out that the de-authentication step essentially leaves a backdoor unlocked albeit temporarily. "
This isn't really a backdoor. If there was an actual fault that would allow you to authenticate without passing a key, that would be one thing. But you still have to pass a key by the way they describe it. To perform a brute force attack on the authentication step, you need to capture the handshake. You can wait for that to happen, or try and force one yourself. Here's an aircrack tutorial on how to do this:
Note though, that while this gets you the packets needed to perform your attack on (as opposed to waiting for the Client/AP to periodically reauthenticate), and potentially saved you a couple of hours, you still have to break the key.
And that's what it all comes down to. Breaking a weak password is easy. Breaking a lengthy key is hard. The only vulnerability that exists as described so far is insufficiently long keys. That's a key management/user problem, not so much a technological one.
The summary/abstract/whatever isn't really saying anything new. We've known we can make a brute force attack on WPA2 by temporarily de-authenticating a client for years, and yes, obviously it takes longer the longer the password is. I know they want to sell the article, but did they really need to keep the detail of what exactly do they improve upon also in secret? Are they really mentioning de-auth, spoofing and brute forcing as if they were anything new?
Would someone that bought/knows someone who bought the article be kind enough to clarify on whether or not these guys actually came up with someone new or not, and if whatever they came up with is actually an important improvement from previous techniques?
What I normally tell people to do when setting up a WiFi access point...
1. Set up a PSK of at least 30 random lower case letters.
2. Switch off WPS.
(I used to tell people 20 random characters using mixed case letters, digits and symbols. Using lower case letters only is easier to type on a phone.)
Is a WiFi access point set up this way vulnerable to this new attack?
So many times I've been warned that "WPA2 has been cracked" but when reading, it turns out that someone has just built a system to perform brute force dictionary attacks.
anyone know if the techniques here are new? all existing techniques are prohibitive without a lot of time and cycling wifi keys fixes that as far as i'm aware.
[+] [-] dhx|12 years ago|reply
The methodology appears to be as naive as a brute force attack against the Pre-Shared Key (PSK):
"At the beginning, the area was scanned-sniffed with ‘Airodump’ and then a deauthentication attack was made with ‘Aireplay’," according to the paper. "Through that, an instance of the PSK was caught. Finally, ‘Aircrack’ was attempting to reveal the secret password by using the instance of the PSK and matching it with every record of the dictionary. For these experiments we used a very big dictionary that consisted of 666,696 standard printable ASCII character records of various lengths. ‘Airodump’ and ‘Aireplay’ are commands of the ‘Aircrack’ suite, responsible for sniffing and deauthentication respectively."
Which part of this paper is new or novel?
[+] [-] timdorr|12 years ago|reply
[+] [-] sspiff|12 years ago|reply
[+] [-] espressopowered|12 years ago|reply
[+] [-] zeroDivisible|12 years ago|reply
[+] [-] jstanley|12 years ago|reply
[+] [-] krick|12 years ago|reply
In fact, even the idea of "year of CPU time" doesn't sooth me much, because while most of your traffic might be "quickly-expiring" it's definitely not true for all of your traffic, and what's possible to do with a year of CPU time will be possible to do comparatively cheap very soon. And I guess we all remember stuff like Google collecting some wi-fi traffic anyway.
So, it sounds somewhat scary to me. We don't even have anything better than WPA2 now, do we?
[+] [-] fhars|12 years ago|reply
[+] [-] jgg|12 years ago|reply
That doesn't sound like something that would take a year of CPU time, but since no one seems to have actually read and analyzed the paper yet, who knows.
[+] [-] EddSeabrook|12 years ago|reply
[+] [-] viraptor|12 years ago|reply
[+] [-] gargarplex|12 years ago|reply
i wonder how quickly you could solve that problem, cracking the wpa2 key, if you had $$$ resources to scale up. could it be usable? would make for a great android app :) i'd buy it!
[+] [-] NemosDemos|12 years ago|reply
"At the beginning, the area was scanned-sniffed with ‘Airodump’ and then a deauthentication attack was made with ‘Aireplay’," according to the paper. "Through that, an instance of the PSK was caught. Finally, ‘Aircrack’ was attempting to reveal the secret password by using the instance of the PSK and matching it with every record of the dictionary. For these experiments we used a very big dictionary that consisted of 666,696 standard printable ASCII character records of various lengths. ‘Airodump’ and ‘Aireplay’ are commands of the ‘Aircrack’ suite, responsible for sniffing and deauthentication respectively." [1]
[1]http://www.securityweek.com/researchers-outline-how-crack-wp...
[+] [-] ckozlowski|12 years ago|reply
[+] [-] rrggrr|12 years ago|reply
[+] [-] roeme|12 years ago|reply
What bothers me most however is what the authors seem to recommend as additional security measures (per http://www.securityweek.com/researchers-outline-how-crack-wp...): MAC ACLs and Hidden SSIDs. I don't think I need to point out here how ridiculous these 'security' measures are, especially in light of the nature of the alleged weakness and how one would need to exploit it.
That doesn't really lend a lot of credibility to the paper's / this link's title.
Also, it looks like that without rainbow tables, the PSK cannot be cracked in a meaningful timespan? They compared the 'captured' hash (?) against a dictionary to determine their success, but again, I might be extrapolating too much from too little information.
[+] [-] ckozlowski|12 years ago|reply
I'm sure we'll see an analysis written up by Securosis or someone along those lines soon. I'm tempted to buy it myself, but given the synopsis, I'm a little skeptical.
"The researchers have now shown that a brute force attack on the WPA2 password is possible and that it can be exploited, although the time taken to break into a system rises with longer and longer passwords."
A brute force attack is possible on any symmetric encryption system. Difficulty is increased with the size of the keyspace. These are truisms. No offence to the authors, but this isn't really a discovery, unless they've discovered a way to reduce the key space.
"As part of their purported security protocols routers using WPA2 must reconnect and re-authenticate devices periodically and share a new key each time. The team points out that the de-authentication step essentially leaves a backdoor unlocked albeit temporarily. "
This isn't really a backdoor. If there was an actual fault that would allow you to authenticate without passing a key, that would be one thing. But you still have to pass a key by the way they describe it. To perform a brute force attack on the authentication step, you need to capture the handshake. You can wait for that to happen, or try and force one yourself. Here's an aircrack tutorial on how to do this:
http://www.aircrack-ng.org/doku.php?id=cracking_wpa&DokuWiki...
Note though, that while this gets you the packets needed to perform your attack on (as opposed to waiting for the Client/AP to periodically reauthenticate), and potentially saved you a couple of hours, you still have to break the key.
And that's what it all comes down to. Breaking a weak password is easy. Breaking a lengthy key is hard. The only vulnerability that exists as described so far is insufficiently long keys. That's a key management/user problem, not so much a technological one.
[+] [-] Don_|12 years ago|reply
[+] [-] billpg|12 years ago|reply
Is a WiFi access point set up this way vulnerable to this new attack?
So many times I've been warned that "WPA2 has been cracked" but when reading, it turns out that someone has just built a system to perform brute force dictionary attacks.
[+] [-] StavrosK|12 years ago|reply
[+] [-] unknown|12 years ago|reply
[deleted]
[+] [-] etherealG|12 years ago|reply
anyone know if the techniques here are new? all existing techniques are prohibitive without a lot of time and cycling wifi keys fixes that as far as i'm aware.