Once Thought Safe, WPA Wi-Fi Encryption is Cracked
PCWorld reports today that security researchers have developed a way to partially crack the Wi-Fi Protected Access (WPA) encryption standard used to protect data on many wireless networks.
However, the attack does not however work with the WPA2 standard states Dragos Ruiu, the PacSec conference's organizer who will be discussing it next week in Tokyo.
To quote: "Everybody has been saying, 'Go to WPA because WEP is broken,'" Ruiu said. "This is a break in WPA."
If WPA is significantly compromised, it would be a big blow for enterprise customers who have been increasingly adopting it, said Sri Sundaralingam, vice president of product management with wireless network security vendor AirTight Networks.
Although customers can adopt Wi-Fi technology such as WPA2 or virtual private network software that will protect them from this attack, there are still may devices that connect to the network using WPA, or even the thoroughly cracked WEP standard, he said.
Ruiu expects a lot more WPA research to follow this work. "Its just the starting point," he said. "Erik and Martin have just opened the box on a whole new hacker playground." More PlayStation 3 News...
WPA-PSK is already crackable that's a known fact (aircrack-ng). The time it'll take (brut force, no other choice) depends greatly on the strengh of the chosen password ( => the PSK -- pres shared key--) and the used dictionnary.
this method apparently is somthing else and already existing in aircrakc-ng as one of the guy is the co-developer of that tool: http://www.heise-online.co.uk/securi...--/news/111906
can't wait to see.
This is definitly the best thing I heard in the last few month!
here in my neighborhood there are about 2 wpa2, 20 wpa networks, 3 wep and 1 without encryption. I have the passwords of 4 of them
I think this will make it possible for me to get even more passwords xD
Or you could just buy a router lol
this exploit only affects TKIP, you can disable it and use AES and still be secure, for now.
This exploit only allows you to modify small packets and inject them.
eg. you could modify someones DNS request to return a result that point them to another site.
It does not let you connect to the router and use the network like you could if you have the key.
Daweed30, you do not need to connect to a router to sniff packets.