WPA Encryption Cracked in One Minute

Two Japanese scientists have figured out a way to crack WPA encryption in sixty seconds.

Two Japanese scientists, Toshihiro Ohigashi of Hiroshima University and Masakatu Morii of Kobe University, plan to reveal how they can crack WPA encryption in sixty seconds at a technical conference taking place on September 25 in Hiroshima. PC Advisor said that the two scientists have designed an attack that gives hackers a way to read the encrypted traffic passed from PCs and certain routers that use WPA.

The method isn't new: security researchers revealed a way to break WPA encryption back in November. However, according to Dragos Ruiu, organizer of the PacSec security conference where the first WPA hack took place, the scientists have taken the supposed attack "to a new level," saying that they took theoretical information and made it "much more practical."

The previous attack method, developed by researchers Martin Beck and Erik Tews, took between 12 and 15 minutes to work on a smaller range of WPA devices. The PC advisor report also stated that both attacks only work on WPA systems that use the Temporal Key Integrity Protocol (TKIP) algorithm. Fortunately, the attack does not work on WPA systems using Advanced Encryption Standard (AES) algorithm, or WPA 2 devices.

If this bit of news seems a little frightening, don't fret: many WPA routers allow users to switch from TKIP encryption to AES through the administration interface.

You need to be logged to post a comment

There are 38 Comments.

Top Comments

26

ssalim , August 28, 2009 5:42 AM

Gone in sixty seconds.

Other Comments

26

ssalim , August 28, 2009 5:42 AM

Gone in sixty seconds.
7

anonymous@guest , August 28, 2009 5:47 AM

It irritates me how the nomenclature is often confused when it is so simple.

WPA is often equated with TKIP and WPA2 with CCMP, but this is wrong...
A wireless access point advertising WPA may offer TKIP or CCMP or both at the same time. The same is true with WPA2.

TKIP is RC4 based.

CCMP is AES based.

How is this hard to understand or explain? And more importantly, and worse!, why do manufacturers get it wrong?
4

Shadow703793 , August 28, 2009 5:52 AM

ssalimGone in sixty seconds.

!
-14

JohnnyLucky , August 28, 2009 6:02 AM

So is this about some sort of wireless access?
-14

anonymous@guest , August 28, 2009 6:08 AM

Lol.
-24

anonymous@guest , August 28, 2009 6:14 AM

Fuck da Japanese
dey always krackin shit
8

Supertrek32 , August 28, 2009 6:29 AM

No matter how secure you think it might be, never trust wireless networks for security. If it's sensitive data, just wait until you can plug into the wall. You never know, so if you're paranoid enough that you truely want all that encryption, just use good ol' ethernet cables.
1

pakardbell486dx2 , August 28, 2009 6:51 AM

Sweet I can't wait tell they add this tool onto BackTrack
0

IzzyCraft , August 28, 2009 7:00 AM

Depends how much power they are using, people can use a ps3 to brute force wpa in that amount of time etc.
-6

matt87_50 , August 28, 2009 7:11 AM

hehe noobs and their out dated WPA, WPA2 FTW!! that will never be broken! ...right?
-7

xaira , August 28, 2009 7:16 AM

CrazyasiannationalistkilldemjapsFuck da Japanesedey always krackin shit

ROTFLMFAO
0

one-shot , August 28, 2009 7:21 AM

Hmmm. Good thing the college here has WPA with TKIP encryption....wait a minute....
0

anonymous@guest , August 28, 2009 7:24 AM

Nothing is Hacker proof! Thank God!
-3

tipoo , August 28, 2009 8:59 AM

Meh...Who uses WPA now anyways?
-4

betrayer_ , August 28, 2009 9:21 AM

kewl...so how do i do it?
-6

tacoslave , August 28, 2009 9:32 AM

Crazyasiannationalistkilldemjaps

wow what a name
0

kikireeki , August 28, 2009 9:40 AM

The IEEE 802.11 protocol has shown its vulnerability long time ago.
0

blackbyron , August 28, 2009 11:20 AM

cracking the WPA encryption in 60 seconds seems impressive.
-1

Judguh , August 28, 2009 11:30 AM

supertrek32No matter how secure you think it might be, never trust wireless networks for security. If it's sensitive data, just wait until you can plug into the wall. You never know, so if you're paranoid enough that you truely want all that encryption, just use good ol' ethernet cables.

Now... in a home environment - sure, that's fine - just make sure there's hook-ups available. For businesses though... Ethernet, sure, but having NAC with it is the way to go. It's a pain to setup, but very effective means of truly securing what devices connect where, when and how.
-7

ben850 , August 28, 2009 1:58 PM

they're going to show it in Hiroshima? it must have something to do with use of radiation..

Display more comments

WPA Encryption Cracked in One Minute

Tom’s guide in the world