Davey Winder's Blog

WiFi Security: Gone in 60 Seconds

By Davey Winder in Editorial

Posted in WiFi, Security on August 30, 2009 at 10:14 pm


Without repetition, hesitation or deviation WPA WiFi Encryption has been cracked wide open - in just a minute. Yep, Japanese researchers at Hiroshima and Kobe universities have reportedly managed to break the WPA encryption found on wireless routers in less than 60 seconds.

Toshihiro Ohigashi of Hiroshima University and Masakatu Morii of Kobe University will be explaining all to an eager audience in Hiroshima at a technical conference towards the end of September. It is, I am led to believe, the first time that previously purely theoretical WPA hacking techniques have been moved into the seriously practical realm. So whereas previous WPA attacks have been able to crack a relatively small set of routers, and took an admittedly still rather worryingly quick 15 minutes or so, the new method is said to be far more wide reaching and a whole heap quicker despite it using a similar approach in targeting the TKIP algorithm.

As far as I am aware, both WPA2 and AES remain safe from the techniques involved.

I have to admit that I am not entirely surprised by the new claims, only surprised that it has taken so long to destroy the integrity of what was only ever meant to be a stopgap encryption measure. Anyone serious about securing their WiFi networks would surely have moved to WPA2 yonks ago and dumped WPA with TKIP at the earliest opportunity. Indeed, it has been some three years now since all WiFi certified products have been required to support WPA2 so it is no new thing. Heck, it’s even relatively simple to step up from TKIP to AES on a lot of older WPA-only routers. Mind you, even WPA2 encryption has come under attack recently with a Russian security company claiming it can crack WPA2 passwords quickly with a little help from NVIDIA graphics cards.

The full report “A Practical Message Falsification Attack on WPA” regarding the latest WPA attack methodology can be found here.


 

Gatecrashing the WiFi hotspot party

By Davey Winder in Editorial

Posted in WiFi, BT on October 7, 2007 at 5:00 pm


I attended a flashy BT launch party held in the restaurant on the seventh floor of the Tate Modern art gallery in London last week. Peaches Geldof was providing the predictably thump thump thump dance music to which nobody was dancing. There were, however, lots of people squeezed in, enjoying the full array of services on offer such as the food and drink. My colleague and I established ourselves near one group who had just returned from the bar area armed with a huge plate of food, lots of cold cuts and olive bread, sundried tomato and roasted peppers a-plenty. We sat there, waiting for our chance to pounce, and when nobody was looking pinched a little bread and a few cold cuts. Nobody seemed to notice, nor care, so we upped the ante and swiped the entire plate. Now despite sitting just a few feet away from the people whose food it was, they were oblivious to the fact that we were helping ourselves to something that belonged to them. They had erected no obstacles to make it more difficult to swipe the food, nobody stood between us and it, nobody questioned what we were doing when we moved the plate onto our table, nobody shouted at the tattooed man sharing their food without their consent to stop.

Exactly like WiFi it seems to me.

Vast numbers of users just plug in their wireless router and start playing, without fannying about with security stuff. Not just home users, the consumer oinks who know no better, but small business users at the corporate end of the WiFi stick who really should know better. Even the basics such as changing the default root access to the router itself so there is a different password, sometimes any password at all in fact, and an admin username other than root. Not doing this leaves the hardware compromised to anyone who goes and Googles for the default security information for the router in question. But the numbers of folk who do not bother implementing any kind of perimeter security to prevent passers-by, people in the next office, anyone within range from usurping the connection and making use of bandwidth they have not paid for is remarkable.

Which is why the irony that this was the launch party for a new venture between BT and FON to form the ‘world’s largest WiFi community’ did not escape me. You see the plan is that everyone on the BT Total Broadband scheme, all three million plus of them, will be able to join the share your WiFi party. By opening a secure channel on the wireless router a small part of their bandwidth will become available for use by any other member. In effect turning your home or office into a BT FON WiFi hotspot.

Great idea, and all that, but as I have pointed out one that hundreds, thousands and possibly hundreds of thousands of people are already making a reality today without even realising it.


 

Is this the fastest WiFi in the UK?

By Davey Winder in Editorial

Posted in WiFi on June 4, 2007 at 11:55 am


In what promises to be a world first on a number of levels, Global Secure Systems


 

   