
[Full-disclosure] WPA attack improved to 1min, MITM



The Beck/Tews WiFi WPA attack presented at PacSec has been improved (down to 1 min, MITM) by 2 .jp researchers (Ohigashi, Morii) http://bit.ly/clCpm Remember: avoid WPA/TKIP and force AES only encryption in WPA2 - don't let your access point automatically fall back to the insecure TKIP/WPA mode, to be safe. (At least until any WPA2 attacks are published ;-P)

cheers,
--dr

P.S. CanSecWest registration is now up, and a new Japanese PacSec registration is live. June has been picked as the time for EUSecWest in Amsterdam.
(hat tip: T Harada)

url: http://jwis2009.nsysu.edu.tw/index.php/jwis/jwis2009/paper/view/80

A Practical Message Falsification Attack on WPA
Toshihiro Ohigashi, Masakatu Morii

Last modified: 2009-07-20

Abstract
In 2008, Beck and Tews have proposed a practical attack on WPA. Their attack (called the Beck-Tews attack) can recover plaintext from an encrypted short packet, and can falsify it. The execution time of the Beck-Tews attack is about 12-15 minutes. However, the attack has the limitation, namely, the targets are only WPA implementations those support IEEE802.11e QoS features. In this paper, we propose a practical message falsification attack on any WPA implementation. In order to ease targets of limitation of wireless LAN products, we apply the Beck-Tews attack to the man-in-the-middle attack. In the man-in-the-middle attack, the user's communication is intercepted by an attacker until the attack ends. It means that the users may detect our attack when the execution time of the attack is large. Therefore, we give methods for reducing the execution time of the attack. As a result, the execution time of our attack becomes about one minute in the best case.

--
World Security Pros. Cutting Edge Training, Tools, and Techniques
Tokyo, Japan November 4/5 2009  http://pacsec.jp
Vancouver, Canada March 22-26  http://cansecwest.com
Amsterdam, Netherlands June  http://eusecwest.com
pgpkey http://dragos.com/ kyxpgp
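
The advice in the post (AES/CCMP only, no automatic fallback to TKIP), as an added example that is not part of the original message: a Python check that audits a hostapd.conf for WPA1 or TKIP being enabled. It assumes a hostapd-based access point, which the post does not name, and a single-BSS file; the sample configurations are constructed.

```python
# Added example: flag TKIP / WPA (v1) fallback in a hostapd.conf.
# Assumption: hostapd is the AP software; the configs below are constructed samples.

def parse_conf(text):
    """Return key -> value; later assignments override earlier ones."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        conf[key.strip()] = value.strip()
    return conf

def audit(text):
    """Return a list of findings; an empty list means WPA2 with CCMP only."""
    conf = parse_conf(text)
    wpa = int(conf.get("wpa", "0"))  # bit 0 = WPA (v1), bit 1 = WPA2/RSN
    if wpa == 0:
        return ["wpa=0: no WPA/WPA2 protection configured"]
    findings = []
    if wpa & 1:
        findings.append("wpa=%d enables WPA (version 1); use wpa=2" % wpa)
    # hostapd's documented defaults: wpa_pairwise is TKIP when unset,
    # and rsn_pairwise inherits the wpa_pairwise value when unset.
    wpa_pairwise = conf.get("wpa_pairwise", "TKIP").split()
    rsn_pairwise = conf.get("rsn_pairwise", " ".join(wpa_pairwise)).split()
    if wpa & 1 and "TKIP" in wpa_pairwise:
        findings.append("wpa_pairwise allows TKIP")
    if wpa & 2 and "TKIP" in rsn_pairwise:
        findings.append("rsn_pairwise allows TKIP (mixed-mode fallback)")
    return findings

# Constructed sample: mixed mode, the fallback the post warns about.
MIXED = "ssid=example\nwpa=3\nwpa_key_mgmt=WPA-PSK\nwpa_pairwise=TKIP CCMP\n"
# Constructed sample: WPA2 requested but no cipher set, so TKIP is inherited.
IMPLICIT = "ssid=example\nwpa=2\nwpa_key_mgmt=WPA-PSK\n"
# Constructed sample: WPA2 with CCMP (AES) as the only pairwise cipher.
HARDENED = "ssid=example\nwpa=2\nwpa_key_mgmt=WPA-PSK\nrsn_pairwise=CCMP\n"

if __name__ == "__main__":
    for name, cfg in (("mixed", MIXED), ("implicit", IMPLICIT), ("hardened", HARDENED)):
        print(name, audit(cfg) or "OK: CCMP only")
```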
