WPA2 wireless security cracked


There are various ways to protect a wireless network, and some are generally considered more secure than others. Some, such as WEP (Wired Equivalent Privacy), were broken several years ago and are not recommended as a way to keep intruders out of private networks. Now a new study published in the International Journal of Information and Computer Security reveals that one of the previously strongest wireless security systems, Wi-Fi Protected Access 2 (WPA2), can also be easily broken into on wireless local area networks (WLANs).

Achilleas Tsitroulis of Brunel University, UK, Dimitris Lampoudis of the University of Macedonia, Greece and Emmanuel Tsekleves of Lancaster University, UK, have investigated the vulnerabilities in WPA2 and present its weaknesses. They say that this wireless system might now be breached with relative ease by a malicious attack on a network. They suggest that it is now a matter of urgency that security experts and programmers work together to remove the vulnerabilities in WPA2 in order to bolster its security, or to develop alternative protocols to keep our networks safe from hackers and malware.

The convenience of wireless network connectivity for mobile communications devices, such as smart phones, tablet PCs and laptops, televisions, personal computers and other equipment, is offset by an inherent security vulnerability. The potential for a third party to eavesdrop on the broadcast signals between devices is ever present. By contrast, a wired network is intrinsically more secure because it requires a physical connection to the system in order to intercept packets of data. For the sake of convenience, however, many people are prepared to compromise on security. Until now, the assumption was that a wireless network secured by WPA2 was adequately protected against the risk of an intruder breaching it. Tsitroulis and colleagues have now shown this not to be the case.

If set up correctly, WPA2 using pre-shared keys (PSK) can be very secure. Depending on which version is present on the wireless device, it also has the advantage of using strong encryption based on either the Temporal Key Integrity Protocol (TKIP) or the more secure Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP). 256-bit encryption is available, and a password can be an alphanumeric string with special characters up to 63 characters long.

The researchers have now shown that a brute force attack on the WPA2 password is possible and that it can be exploited, although the time taken to break into a system rises with longer and longer passwords. However, it is the de-authentication step in the wireless setup that represents a much more accessible entry point for an intruder with the appropriate hacking tools. As part of their purported security protocols, routers using WPA2 must reconnect and re-authenticate devices periodically and share a new key each time. The team points out that the de-authentication step essentially leaves a backdoor unlocked, albeit temporarily. Temporarily is long enough for a fast scanner and a determined intruder. They also point out that while network access can be restricted to specific devices by a given identifier, their media access control (MAC) address, such addresses can be spoofed.
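The de-authentication weakness described above is visible from the defender's side: 802.11 deauthentication and disassociation frames are unauthenticated in plain WPA2, so a burst of them from one source is the signature to watch for. The following detector is an added example for this page (not code from the article or from the Tsitroulis, Lampoudis and Tsekleves paper); the frame records are constructed, and the record layout (timestamp, subtype, source, destination) is an assumption that a real deployment would fill from a monitor-mode capture.

```python
"""Flag deauthentication floods in an 802.11 management-frame log.

Added example, not code from the phys.org article or the cited paper.
Frame records are constructed; their layout is an assumption.
"""
from collections import defaultdict, deque

AP_BSSID = "aa:bb:cc:00:00:01"   # constructed access point address
CLIENT = "de:ad:be:ef:00:01"     # constructed station address

# Constructed sample: ordinary beacons, one legitimate deauthentication,
# then a burst of 40 deauth frames carrying the AP's address as source.
SAMPLE_FRAMES = [
    (0.00, "beacon", AP_BSSID, "ff:ff:ff:ff:ff:ff"),
    (0.10, "beacon", AP_BSSID, "ff:ff:ff:ff:ff:ff"),
    (0.50, "deauth", AP_BSSID, CLIENT),          # a single deauth is normal
    (5.00, "probe_resp", AP_BSSID, CLIENT),
] + [(10.0 + i * 0.02, "deauth", AP_BSSID, CLIENT) for i in range(40)]


def detect_deauth_flood(frames, window=1.0, threshold=10):
    """Return one alert per offending source per window.

    Each alert is (source_mac, window_start, frame_count, distinct_targets).
    A sliding per-source deque keeps only the deauth/disassoc frames that
    fall inside the last `window` seconds, so memory stays bounded.
    """
    recent = defaultdict(deque)   # source -> deque of (ts, dst) inside window
    last_alert = {}               # source -> ts of last alert, suppresses repeats
    alerts = []
    for ts, subtype, src, dst in sorted(frames, key=lambda f: f[0]):
        if subtype not in ("deauth", "disassoc"):
            continue
        q = recent[src]
        q.append((ts, dst))
        while q and ts - q[0][0] > window:
            q.popleft()
        if len(q) > threshold and ts - last_alert.get(src, float("-inf")) > window:
            alerts.append((src, q[0][0], len(q), len({d for _, d in q})))
            last_alert[src] = ts
    return alerts


if __name__ == "__main__":
    for src, start, count, targets in detect_deauth_flood(SAMPLE_FRAMES):
        print(f"deauth flood from {src}: {count} frames within 1s from t={start:.2f}, "
              f"{targets} client(s) targeted")
```

The threshold is a tuning knob: a single deauth at t=0.5 is ignored, and the burst at t=10 produces exactly one alert rather than thirty. The mitigation that removes the root cause is 802.11w (Protected Management Frames), which makes forged deauthentication frames fail integrity checking at the client; the detector above is for the networks that cannot yet require it.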

There are thus various entry points into the WPA2 protocol, which the team details in their paper. In the meantime, users should continue to use the strongest encryption protocol available with the most complex password, and to limit access to known devices via MAC address. It might also be worth crossing one's fingers, at least until a new protocol becomes available.
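The advice above (strongest cipher, a long passphrase, a device allow-list) translates directly into access-point configuration. The audit below is an added example and not the article's or hostapd's own validation: it parses two constructed hostapd-style configurations, one weak and one hardened, and reports the settings that leave the weaknesses the article names in place. The option names (wpa, wpa_pairwise, rsn_pairwise, wpa_passphrase, ieee80211w, macaddr_acl, accept_mac_file, wpa_group_rekey) are real hostapd options; the minimum passphrase length is this example's policy choice.

```python
"""Audit a hostapd-style WPA2-PSK configuration for the weak spots the
article describes: TKIP rather than CCMP, a short passphrase, unprotected
management frames, and no station restrictions.

Added example; the two configurations are constructed and the checks are
this example's policy, not hostapd's validation.
"""

WEAK_CONF = """\
interface=wlan0
ssid=HomeNet
wpa=1
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
wpa_passphrase=pass1234
"""

HARDENED_CONF = """\
interface=wlan0
ssid=HomeNet
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
wpa_passphrase=correct-horse-battery-staple-9-rivers-0a
ieee80211w=2
wpa_group_rekey=600
macaddr_acl=1
accept_mac_file=/etc/hostapd/stations.accept
"""

MIN_PASSPHRASE_LEN = 20   # policy choice for this example; the standard allows 8..63


def parse_conf(text):
    """Parse key=value lines; blank lines and # comments are skipped."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        conf[key.strip()] = value.strip()
    return conf


def audit(conf):
    """Return a list of (finding_id, message); an empty list means clean."""
    findings = []
    if conf.get("wpa") != "2":
        findings.append(("wpa_version", "wpa should be 2 (RSN only); wpa=1 or wpa=3 permits WPA/TKIP"))
    # wpa_pairwise governs WPA, rsn_pairwise governs WPA2; either may enable TKIP.
    ciphers = set(conf.get("wpa_pairwise", "").split()) | set(conf.get("rsn_pairwise", "").split())
    if "TKIP" in ciphers:
        findings.append(("tkip", "TKIP pairwise cipher enabled; use CCMP only"))
    if "CCMP" not in ciphers:
        findings.append(("no_ccmp", "CCMP pairwise cipher not enabled"))
    passphrase = conf.get("wpa_passphrase")
    if passphrase is not None:
        printable = all(32 <= ord(c) <= 126 for c in passphrase)
        if not printable or not 8 <= len(passphrase) <= 63:
            findings.append(("passphrase_invalid", "passphrase must be 8..63 printable ASCII characters"))
        elif len(passphrase) < MIN_PASSPHRASE_LEN:
            findings.append(("passphrase_short",
                             f"passphrase shorter than {MIN_PASSPHRASE_LEN} characters; offline guessing becomes practical"))
    if conf.get("ieee80211w") != "2":
        findings.append(("no_pmf", "ieee80211w=2 not set; deauth/disassoc frames stay unauthenticated"))
    if conf.get("macaddr_acl") != "1" or "accept_mac_file" not in conf:
        findings.append(("no_mac_acl", "no station allow-list (macaddr_acl=1 with accept_mac_file); spoofable, but a cheap extra hurdle"))
    return findings


if __name__ == "__main__":
    for name, text in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(f"{name}:")
        for fid, msg in audit(parse_conf(text)) or [("ok", "no findings")]:
            print(f"  [{fid}] {msg}")
```

Run stand-alone, the weak configuration produces six findings and the hardened one none. The MAC allow-list finding is deliberately the last and weakest item, matching the article's own caveat that MAC addresses can be spoofed.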


More information: "Exposing WPA2 security protocol vulnerabilities" in Int. J. Information and Computer Security, 2014, 6, 93-107. DOI: 10.1504/IJICS.2014.059797
Citation: WPA2 wireless security cracked (2014, March 20) retrieved 20 August 2019 from https://phys.org/news/2014-03-wpa2-wireless.html


User comments

Mar 21, 2014
Sensitive stuff, maybe everything, should be via an encrypted VPN anywhere you have to use an untrusted network, wired or wireless (in this case that might well be all wireless). This ought to be the default way computers make connections nowadays. Make it so you actually have to work harder to enable non-VPN access.

Mar 21, 2014
When I first earned my ham radio license decades ago, my mentors told me in very grave tones:

"Don't say anything on the radio that you wouldn't want the whole world to hear!"

Even if you encrypt, there is a half life of sorts to the methods used to establish that encryption. Do not ever expect that the encryption will last a lifetime --because it won't.

Mar 22, 2014
"The researchers have now shown that a brute force attack on the WPA2 password is possible and that it can be exploited, although the time taken to break into a system rises with longer and longer passwords"

Brute-force on WPA2 has already existed for years, and it's pretty exploitable too... http://www.aircra...king_wpa

Can't get access to the paper, I don't know what else they discovered. Looks like a damp squib.

Mar 23, 2014
This stuff was known a long time ago! They just now "discovered" it? Just have to look at the aircrack open source software...

Mar 24, 2014
The easiest way to protect against brute force attacks on WPA2 is to set the re-authentication wait time to one or a few seconds. This way, it would take them years to try all combinations even for a short password.

Mar 25, 2014
The easiest way to protect against brute force attacks on WPA2 is to set the re-authentication wait time....
That's not how the key is bruteforced:
To sum up:
- the first step is capturing the 4-way-handshake between AP and client, this handshake contains a hash of key+SSID and the capturing process is passive (but can be expedited by sending de-auth packets to a client of the AP).
- the second step is brute-forcing the key offline with something like hashcat or John the Ripper (it works by making guesses and seeing if the hash generated from the guess matches the hash captured. Multi-GPU PCs can generate over 500,00 WPA hashes per second).

The first time you send anything to the AP is when you log in after finding the key.

Anyway, I really don't see why I'm reading about this "discovery" in 2014. Maybe I should write a paper exposing the vulnerability of physical locks to carefully shaped pieces of metal I call "lockpicks".

Apr 02, 2014
I accessed this paper via my school's library and let me tell you it is a load of rubbish. Worst article I have ever read. It's like some recent high schoolers just discovered Aircrack-ng. Basically they said they had a method for creating a "fool proof" dictionary, i.e. one that contains all possible character combinations of the WPA-2 standard. I almost busted out laughing when I read it too. They wrote a Java application to create the dictionary which probably was 20 lines of code... And if they actually did try to make this dictionary it would be 3.991929703310227E124 pass phrases. They recommend a supercomputer to do the work which by the way even the fastest one would still take longer than the universe has been in existence haha. So the moral of the story is you have 3 retards who found a conference that has no idea about what they publish.
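The comments above turn on one technical fact: for WPA2-PSK the key is derived from the passphrase and the SSID, and a recorded 4-way handshake lets guesses be checked without sending anything further to the access point. The block below is an added example (not from the article or any commenter) that derives the pre-shared key the way IEEE 802.11i specifies it, PBKDF2-HMAC-SHA1 over the passphrase with the SSID as salt, 4096 iterations, 32 bytes, and then works out how long exhausting a passphrase policy takes at a given guess rate. The guess rate and the sample SSID and passphrases are constructed assumptions; the point it demonstrates is the defender's one, that passphrase length and alphabet are the only parameters that matter, since re-authentication delays at the AP never enter the offline computation.

```python
"""WPA2-PSK key derivation and what it implies for passphrase policy.

Added example, not code from the article or the comments. The PSK (the
PMK for WPA2-PSK) is PBKDF2-HMAC-SHA1(passphrase, SSID, 4096, 32) as
defined in IEEE 802.11i; the guess rate used below is a constructed
assumption for the arithmetic.
"""
import hashlib

PBKDF2_ITERATIONS = 4096
PMK_LEN = 32
SECONDS_PER_YEAR = 365.25 * 86400


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """PSK/PMK exactly as a WPA2-PSK supplicant or AP computes it."""
    if not 8 <= len(passphrase) <= 63 or not all(32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("WPA2-PSK passphrases are 8..63 printable ASCII characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), PBKDF2_ITERATIONS, PMK_LEN)


def keyspace(alphabet_size: int, length: int) -> int:
    """Distinct passphrases of exactly `length` symbols from `alphabet_size` choices."""
    return alphabet_size ** length


def years_to_exhaust(alphabet_size: int, length: int, guesses_per_second: float) -> float:
    """Worst-case time to try every passphrase of that shape at a fixed guess rate.

    The rate already includes the 4096 PBKDF2 iterations per guess; nothing
    the access point does (rate limiting, re-auth delays) changes it.
    """
    return keyspace(alphabet_size, length) / guesses_per_second / SECONDS_PER_YEAR


if __name__ == "__main__":
    # Constructed SSID and passphrase; the output differs per SSID because
    # the SSID is the PBKDF2 salt, which is why precomputed tables are per-SSID.
    print("PMK:", derive_pmk("correct-horse-battery-staple", "HomeNet").hex())
    rate = 500_000  # constructed assumption: guesses per second for one cracking rig
    for length in (8, 12, 20):
        print(f"{length} printable-ASCII characters: "
              f"{years_to_exhaust(95, length, rate):.3g} years to exhaust")
```

At the constructed rate, eight printable characters exhaust in a few hundred years in the worst case, so a dictionary of likely choices rather than the full keyspace is what actually threatens short passphrases; twelve characters push the worst case past ten billion years, which is the reason the article's "most complex password" advice is the part of the recommendation that does the work. The derivation is checked in the test against the published RFC 6070 PBKDF2-HMAC-SHA1 vector (4096 iterations), which coincides with WPA2's parameters when the SSID happens to be the string "salt".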
