Back to list
All Ur WiFi(WPA) R Belong 2 PacSec
Nov 07 2008 06:57AM
Dragos Ruiu (dr kyx net)
Just as a heads up, one of the author(s) of the first practical crypto
attack against WPA secured wireless networks, besides
launching a dictionary attack when a weak pre-shared keys(PSK)
are used, Erik Tews, will be speaking at PacSec in Tokyo, on
Thursday next week. More specifically, his attack uses a
combination of protocol weaknesses and cryptographic
weaknesses to compromise TKIP encryption. The attack
lets the attacker inject seven packets into the network,
per decrypt window. It's an interesting attack, because it
also hints at other attack forms, so it is rather open
You should discontinue use of TKIP is my recommendation.
The problem with this is that most AP implementations that
I have seen will automatically drop back to TKIP from CCMP(AES)
to support older clients. You should disable this if you are
given the option on your AP or WiFi router configuration.
Unfortunately how to do this varies on each router's
configuration systems, and some routers do not
provide facilities to do this.
If you aren't given the option to disable this, you might want
to think about getting a different Access Point or WiFi Router. :-)
You should seriously consider using some higher level
encryption facilities such as a VPN, IPsec, or SSH
to secure your communications over wireless.
Look at ssh -D <port> (or equivalent putty options)
to a wired host and the socks proxy options on
your browser to use that port on localhost, when
surfing over wireless.
On some equipment CCMP is called WPA2 and TKIP is WPA.
The WPA spec leaves support of CCMP(AES) optional
while the WPA2 spec mandates both TKIP and AES
Important WPA/WPA2 Recommendations:
-Use only CCMP(AES).
-Disable Negotiations to TKIP from CCMP(AES).
-If you must use TKIP, rekey every 120 seconds.
To prevent this attack, we suggest using a very short rekeying time,
for example 120 seconds or less. ... The best solution would be
disabling TKIP and using a CCMP only network.
Oh, P.S. AFAIK some of the code to do this attack is out :).
If you want to find out more, you have to come to PacSec. :-)
The details are fairly intricate but the bottom line is above.
Consider yourselves duly warned.
World Security Pros. Cutting Edge Training, Tools, and Techniques
Buenos Aires, Argentina Sept. 30 / Oct. 1 - 2008 http://ba-con.com.ar
Tokyo, Japan November 12/13 2008 http://pacsec.jp
Vancouver, Canada March 16-20 2009 http://cansecwest.com
pgpkey http://dragos.com/ kyxpgp
[ reply ]
Copyright 2010, SecurityFocus