   
Davey Winder's Blog

WiFi Security: Gone in 60 Seconds

By Davey Winder in Editorial

Posted in WiFi, Security on August 30, 2009 at 10:14 pm


Without repetition, hesitation or deviation WPA WiFi Encryption has been cracked wide open - in just a minute. Yep, Japanese researchers at Hiroshima and Kobe universities have reportedly managed to break the WPA encryption found on wireless routers in less than 60 seconds.

Toshihiro Ohigashi of Hiroshima University and Masakatu Morii of Kobe University will be explaining all to an eager audience in Hiroshima at a technical conference towards the end of September. It is, I am led to believe, the first time that previously purely theoretical WPA hacking techniques have been moved into the seriously practical realm. So whereas previous WPA attacks have been able to crack a relatively small set of routers, and took an admittedly still rather worryingly quick 15 minutes or so, the new method is said to be far more wide reaching and a whole heap quicker despite it using a similar approach in targeting the TKIP algorithm.

As far as I am aware, both WPA2 and AES remain safe from the techniques involved.

I have to admit that I am not entirely surprised by the new claims, only surprised that it has taken so long to destroy the integrity of what was only ever meant to be a stopgap encryption measure. Anyone serious about securing their WiFi networks would surely have moved to WPA2 yonks ago and dumped WPA with TKIP at the earliest opportunity. Indeed, it has been some three years now since all WiFi certified products have been required to support WPA2 so it is no new thing. Heck, it’s even relatively simple to step up from TKIP to AES on a lot of older WPA-only routers. Mind you, even WPA2 encryption has come under attack recently with a Russian security company claiming it can crack WPA2 passwords quickly with a little help from NVIDIA graphics cards.

The full report “A Practical Message Falsification Attack on WPA” regarding the latest WPA attack methodology can be found here.


 

Gatecrashing the WiFi hotspot party

By Davey Winder in Editorial

Posted in WiFi, BT on October 7, 2007 at 5:00 pm


I attended a flashy BT launch party held in the restaurant on the seventh floor of the Tate Modern art gallery in London last week. Peaches Geldof providing the predictably thump thump thump dance music to which nobody was dancing. There were, however, lots of people squeezed in, enjoying the full array of services on offer such as the food and drink. My colleague and I established ourselves near one group who had just returned from the bar area armed with a huge plate of food, lots of cold cuts and olive bread, sundried tomato and roasted peppers a-plenty. We sat there, waiting for our chance to pounce, and when nobody was looking pinched a little bread and a few cold cuts. Nobody seemed to notice, nor care, so we upped the ante and swiped the entire plate. Now despite sitting just a few feet away from the people whose food it was, they were oblivious to the fact that we were helping ourselves to something that belonged to them. They had erected no obstacles to make it more difficult to swipe the food, nobody stood between us and it, nobody questioned what we were doing when we moved the plate onto our table, nobody shouted at the tattooed man sharing their food without their consent to stop.

Exactly like WiFi it seems to me.

Vast numbers of users just plug in their wireless router and start playing, without fannying about with security stuff. Not just home users, the consumer oinks who know no better, but small business users at the corporate end of the WiFi stick who really should know better. Even the basics such as changing the default root access to the router itself so there is a different password, sometimes any password at all in fact, and an admin username other than root. Not doing this leaves the hardware compromised to anyone who goes and Googles for the default security information for the router in question. But the numbers of folk who do not bother implementing any kind of perimeter security to prevent passers-by, people in the next office, anyone within range from usurping the connection and making use of bandwidth they have not paid for is remarkable.

Which is why the irony that this was the launch party for a new venture between BT and FON to form the ‘world’s largest WiFi community’ did not escape me. You see the plan is that everyone on the BT Total Broadband scheme, all three million plus of them, will be able to join the share your WiFi party. By opening a secure channel on the wireless router a small part of their bandwidth will become available for use by any other member. In effect turning your home or office into a BT FON WiFi hotspot.

Great idea, and all that, but as I have pointed out one that hundreds, thousands and possibly hundreds of thousands of people are already making a reality today without even realising it.


 

Is this the fastest WiFi in the UK?

By Davey Winder in Editorial

Posted in WiFi on June 4, 2007 at 11:55 am


In what promises to be a world first on a number of levels, Global Secure Systems


 

   