WPA2 Wireless Security cracked?

Discussion in 'other security issues & news' started by sightunseen, Mar 21, 2014.

  1. sightunseen

    sightunseen Registered Member

    Joined:
    Mar 21, 2014
    Posts:
    2
    Location:
    United States
    I read an article on physx that says WPA2 has some vulnerability in the deauthentication. The article is here:
    WPA2 wireless security cracked

    The researchers have now shown that a brute force attack on the WPA2 password is possible and that it can be exploited, although the time taken to break into a system rises with longer and longer passwords. However, it is the de-authentication step in the wireless setup that represents a much more accessible entry point for an intruder with the appropriate hacking tools. As part of their purported security protocols routers using WPA2 must reconnect and re-authenticate devices periodically and share a new key each time. The team points out that the de-authentication step essentially leaves a backdoor unlocked albeit temporarily. Temporarily is long enough for a fast-wireless scanner and a determined intruder. They also point out that while restricting network access to specific devices with a given identifier, their media access control address (MAC address), these can be spoofed.

    It references a paper "Exposing WPA2 security protocol vulnerabilities" but it looks like it's pay to download.

    Has WPA2 security actually been cracked? I am still using WPA myself.
     
  2. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    3,771
    Location:
    Outer space
    I'm not sure. They also state that WPA2-CCMP is stronger than WPA2-TKIP, but they don't say whether these vulnerabilities are in both alternatives.
    About WPA, afaik it was previously considered secure unless it's TKIP mode.
     
  3. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,855
    It's always been possible to brute force wireless networks. Use a large password!
     
  4. SnowFlakes

    SnowFlakes Registered Member

    Joined:
    Jun 29, 2011
    Posts:
    194
    how to protect against this :( ?
     
  5. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    2,509
    Location:
    Slovakia
    The only protection for WPA2 is still the same, use 63 characters long password with all symbols and change it regularly, you do not need to remember it, so no problem.
     
  6. SnowFlakes

    SnowFlakes Registered Member

    Joined:
    Jun 29, 2011
    Posts:
    194
    I do need to remember it!!!!!
    Many of my friends and family's often comes and vizit me and they want the security code for their mobile phones, so they can surf and talk on the app Viber with other's.

    How can i give them a 63 long password to them?

    Is there any other possible ways to secure this issue with WpA2 ?
     
  7. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    Put it in a text file on a USB stick.
     
  8. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,855
    It most certainly does NOT need to be 63 characters long. 30 characters alone would take years to crack.
     
  9. Ocky

    Ocky Registered Member

    Joined:
    May 6, 2006
    Posts:
    2,677
    Location:
    George, S.Africa
    What about AES, which is what I have for My AP ? Is it less secure than the above ?
     
  10. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    3,771
    Location:
    Outer space
    CCMP and AES are the same:
    https://en.wikipedia.org/wiki/Wpa2
     
  11. Ocky

    Ocky Registered Member

    Joined:
    May 6, 2006
    Posts:
    2,677
    Location:
    George, S.Africa
  12. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,731
    Location:
    localhost
    I think the article refers to the known TPIK potential vulnerability (brute force) but this, as far as I know, does not apply to AES. But it would be interesting to read the full article.
     
  13. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,700
    How about a measure of reality? No one is going to sit outside your window and spend hours hacking you. If they do, you can always bring them coffee.

    P.S. All them suburbian families are such badasses.

    Mrk
     
  14. ams963

    ams963 Registered Member

    Joined:
    May 3, 2011
    Posts:
    5,965
    Location:
    Parallel Universe
    @Mrkvonic
    Just couldn't agree more.:thumb:
     
  15. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    Last edited: Mar 24, 2014
  16. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,102
  17. sgr

    sgr Registered Member

    Joined:
    Sep 11, 2012
    Posts:
    22
    Location:
    IE
  18. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    4,052
    Location:
    USA
    Wow, something that uses password authentication can be brute forced!? News story of the year...

    It would probably just be easier to walk up to your house when you are asleep/not home and insert a device into the line that brings internet into your house and capture the traffic that way. Probably really easy if coax is involved. :ninja:
     
  19. Jryder54

    Jryder54 Registered Member

    Joined:
    Sep 3, 2013
    Posts:
    214
    http://lifehacker.com/5835743/how-t...roid-users-with-a-qr-code-and-barcode-scanner
     
  20. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
  21. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    From Exposing WPA2 Paper:
     
  22. sightunseen

    sightunseen Registered Member

    Joined:
    Mar 21, 2014
    Posts:
    2
    Location:
    United States
  23. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    You're welcome :).
     
Loading...