Network Security News

Researchers crack WPA Wi-Fi encryption in 60 seconds

Friday, August 28, 2009

Two Japanese researchers have found a way to break the encryption of data sent over Wi-Fi Protected Access (WPA), a security protocol for transmitting information via 802.11 wireless LAN, in about 60 seconds.

The hack builds on an attack devised in 2008 by two researchers (Beck and Tews) who managed to crack WPA encryption of short packets of data in 12 to 15 minutes.

In their paper, Toshihiro Ohigashi and Masakatu Morii describe a practical message falsification attack on any WPA implementation that uses the Beck and Tews method in a man-in-the-middle attack (MITM).

In the MITM attack, the user's communication is intercepted by an attacker until the attack ends. Since the victims of the attack might detect it if the attack window is large, the researchers used methods for reducing the execution time of the attack to about one minute.

This attack only works on WPA encryption and cannot recover the WPA encryption key.

WPA2 with AES encryption is now standard on most Wi-Fi products. Hackers have not been able to break the encryption of these formats.
ADNFCR-1765-ID-19337140-ADNFCR

Related News:

Zeus botnet performs MySpace spam campaign to spread itself further - 11.20.2009
A sophisticated Trojan dubbed "Zeus" has sent a flood of email messages to MySpace users in an attempt to propagate itself onto more computers, according to researchers at the University of Alabama at Birmingham.

Experts dissect Chrome OS security features - 11.20.2009
Yesterday's release of Google's groundbreaking new cloud-based operating system, Chrome OS, has caused a stir in techie circles, with experts of all stripes rushing to examine the product and issue their judgments.

Microsoft counts Chrome coup with discovery of security flaw - 11.20.2009
Security researchers at Microsoft recently discovered a security vulnerability in Google's controversial Chrome Frame for Internet Explorer, a browser plug-in that simulates Chrome functionality within an Internet Explorer session.

iPhone user sues games maker, claiming to have found hidden spyware - 11.18.2009
An iPhone gamer filed a federal lawsuit against mobile game programmer Storm8 today, alleging that the company violated his privacy by including hidden code in its games that gathered his personal information without permission.

Government watchdog warns of possible IT leaks at Los Alamos - 11.16.2009
The Government Accountability Office has issued a report on data security at the Los Alamos National Laboratory which says that sensitive and highly classified information is vulnerable to outside access.
View Related Resources
Or
Watch an Online Demo
Or
Have us call you now