Total Pageviews

Friday, 23 December 2011

wpa-crawls-into-the-grave-with-wep

So I was reading the AirMagnet Cisco OTAP vulnerability, which is bad.  This is a vulnerability that deserves its own blog post.  I was then directed/distracted to an article that suggests that WPA is completely broken. *gasp* another wireless “privacy” standard bites the dust.  There are some practical attacks against WPA including dictionary (offline) attacks as well as the Beck-Tews attack that can recover the WPA key in 12-15 minutes with some limitations (WLAN must support 802.11e).  This new attack by the Japanese researchers Ohigashi and Morii claims that WPA can be broken in 4 minutes.  If this attack is legit and more than just theory, it would be yet another failed wireless encryption standard.
After some Googling I found the researcher’s paper describing the attack.  I have mirrored the paper here.  As far as I can tell, this latest WPA exploit has not (yet) been made into an exploit.  I will update this post as I get more information on this new attack.
Update: Dragos Ruiu mentioned the new WPA attack on Daily Dave.

FROM http://www.stratumsecurity.com/blog/2009/08/25/wpa-crawls-into-the-grave-with-wep/

No comments:

Post a Comment