Sign in with
Sign up | Sign in

WPA Encryption Cracked in One Minute

By - Source: Tom's Guide US | B 38 comments

Two Japanese scientists have figured out a way to crack WPA encryption in sixty seconds.

Two Japanese scientists, Toshihiro Ohigashi of Hiroshima University and Masakatu Morii of Kobe University, plan to reveal how they can crack WPA encryption in sixty seconds at a technical conference taking place on September 25 in Hiroshima. PC Advisor said that the two scientists have designed an attack that gives hackers a way to read the encrypted traffic passed from PCs and certain routers that use WPA.

The method isn't new: security researchers revealed a way to break WPA encryption back in November. However, according to Dragos Ruiu, organizer of the PacSec security conference where the first WPA hack took place, the scientists have taken the supposed attack "to a new level," saying that they took theoretical information and made it "much more practical."

The previous attack method, developed by researchers Martin Beck and Erik Tews, took between 12 and 15 minutes to work on a smaller range of WPA devices. The PC advisor report also stated that both attacks only work on WPA systems that use the Temporal Key Integrity Protocol (TKIP) algorithm. Fortunately, the attack does not work on WPA systems using Advanced Encryption Standard (AES) algorithm, or WPA 2 devices.

If this bit of news seems a little frightening, don't fret: many WPA routers allow users to switch from TKIP encryption to AES through the administration interface.

Display 38 Comments.
This thread is closed for comments
Top Comments
  • 26 Hide
    ssalim , August 27, 2009 10:42 PM
    Gone in sixty seconds.
Other Comments
  • 26 Hide
    ssalim , August 27, 2009 10:42 PM
    Gone in sixty seconds.
  • 7 Hide
    Anonymous , August 27, 2009 10:47 PM
    It irritates me how the nomenclature is often confused when it is so simple.

    WPA is often equated with TKIP and WPA2 with CCMP, but this is wrong...
    A wireless access point advertising WPA may offer TKIP or CCMP or both at the same time. The same is true with WPA2.

    TKIP is RC4 based.

    CCMP is AES based.

    How is this hard to understand or explain? And more importantly, and worse!, why do manufacturers get it wrong?
  • 4 Hide
    Shadow703793 , August 27, 2009 10:52 PM
    ssalimGone in sixty seconds.

    :lol:  !
  • 8 Hide
    Supertrek32 , August 27, 2009 11:29 PM
    No matter how secure you think it might be, never trust wireless networks for security. If it's sensitive data, just wait until you can plug into the wall. You never know, so if you're paranoid enough that you truely want all that encryption, just use good ol' ethernet cables.
  • 1 Hide
    pakardbell486dx2 , August 27, 2009 11:51 PM
    Sweet I can't wait tell they add this tool onto BackTrack
  • 0 Hide
    IzzyCraft , August 28, 2009 12:00 AM
    Depends how much power they are using, people can use a ps3 to brute force wpa in that amount of time etc.
  • -6 Hide
    matt87_50 , August 28, 2009 12:11 AM
    hehe noobs and their out dated WPA, WPA2 FTW!! that will never be broken! ...right?
  • -7 Hide
    xaira , August 28, 2009 12:16 AM
    CrazyasiannationalistkilldemjapsFuck da Japanesedey always krackin shit


    ROTFLMFAO
  • 0 Hide
    one-shot , August 28, 2009 12:21 AM
    Hmmm. Good thing the college here has WPA with TKIP encryption....wait a minute....
  • 0 Hide
    Anonymous , August 28, 2009 12:24 AM
    Nothing is Hacker proof! Thank God!
  • -3 Hide
    tipoo , August 28, 2009 1:59 AM
    Meh...Who uses WPA now anyways?
  • -4 Hide
    betrayer_ , August 28, 2009 2:21 AM
    kewl...so how do i do it?
  • -6 Hide
    tacoslave , August 28, 2009 2:32 AM
    Crazyasiannationalistkilldemjaps



    wow what a name
  • 0 Hide
    kikireeki , August 28, 2009 2:40 AM
    The IEEE 802.11 protocol has shown its vulnerability long time ago.
  • 0 Hide
    blackbyron , August 28, 2009 4:20 AM
    cracking the WPA encryption in 60 seconds seems impressive. :/ 
  • -1 Hide
    Judguh , August 28, 2009 4:30 AM
    supertrek32No matter how secure you think it might be, never trust wireless networks for security. If it's sensitive data, just wait until you can plug into the wall. You never know, so if you're paranoid enough that you truely want all that encryption, just use good ol' ethernet cables.


    Now... in a home environment - sure, that's fine - just make sure there's hook-ups available. For businesses though... Ethernet, sure, but having NAC with it is the way to go. It's a pain to setup, but very effective means of truly securing what devices connect where, when and how.
  • -7 Hide
    ben850 , August 28, 2009 6:58 AM
    they're going to show it in Hiroshima? it must have something to do with use of radiation..
Display more comments
Tom’s guide in the world
  • Germany
  • France
  • Italy
  • Ireland
  • UK
Follow Tom’s guide
Subscribe to our newsletter