xisto Community
Saint_Michael

Wpa Wi-fi Encryption Is Cracked


Well it would seem that white hat crackers have done it again and then foolishly shown everyone how it is done, heck I wouldn't be surprised if two guys who broke this gave them directions on how to do it. However, the problem is though that WPA is the better alternative in securing your WIFI routers because of the fact that WEP security got cracked and is pretty much useless. Like one person mentioned, if this partial crack works then WPA has taken a big blow, especially since practically all businesses use WIFI in one form or another. It does say that WPA2 can survive the attack, but knowing these two white hat crackers they are going to keep on developing the WPA encryption crack until either those two get through or someone finds out how they did it and they get through.

So for those who are still using WEP, change to WPA; at least you get the better protection for now. Here is a link to a small guide, and even though you might not have this router, use it as a guide to set up your WPA security.

http://forums.xisto.com/no_longer_exists/

SOURCE

http://forums.xisto.com/no_longer_exists/
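The distinction this thread draws (WEP broken, WPA with TKIP hit by the new attack, WPA2 reported to survive it) can be turned into a quick audit of the networks you are responsible for. The following is an added example, not part of any post here; it assumes scan output in the tab-separated layout printed by `wpa_cli scan_results`, treats any advertised TKIP cipher as affected even under a WPA2 label (which goes slightly beyond the thread), and all sample rows are constructed.

```python
import re

# Constructed sample in the layout printed by `wpa_cli scan_results`
# (bssid / frequency / signal level / flags / ssid). All values are made up.
SAMPLE_SCAN = """\
bssid / frequency / signal level / flags / ssid
02:00:00:00:00:01\t2412\t-48\t[WEP][ESS]\told-printer
02:00:00:00:00:02\t2437\t-55\t[WPA-PSK-TKIP][ESS]\tcafe-guest
02:00:00:00:00:03\t2462\t-60\t[WPA-PSK-TKIP][WPA2-PSK-CCMP][ESS]\thome-mixed
02:00:00:00:00:04\t5180\t-63\t[WPA2-PSK-CCMP][ESS]\toffice
02:00:00:00:00:05\t2412\t-70\t[ESS]\tfree-wifi
"""

def classify(flags):
    """Return (rating, reason) for one flags field such as '[WPA-PSK-TKIP][ESS]'."""
    tokens = re.findall(r"\[([^\]]+)\]", flags)
    if any(t.startswith("WEP") for t in tokens):
        return "replace", "WEP"
    security = [t for t in tokens if t.startswith(("WPA", "RSN"))]
    if not security:
        return "open", "no link encryption"
    # A cipher list can read 'CCMP', 'TKIP' or 'CCMP+TKIP'; TKIP anywhere counts,
    # because a mixed-mode network still accepts TKIP clients.
    if any("TKIP" in t for t in security):
        return "weak", "TKIP enabled"
    return "ok", "no TKIP advertised"

def audit(scan_text):
    """Parse scan_results text into a list of (ssid, rating, reason)."""
    report = []
    for line in scan_text.splitlines():
        fields = line.split("\t")
        if len(fields) < 5:  # header line or malformed row
            continue
        report.append((fields[4], *classify(fields[3])))
    return report

if __name__ == "__main__":
    for ssid, rating, reason in audit(SAMPLE_SCAN):
        print(f"{ssid:12} {rating:8} {reason}")
```

Networks rated `weak` are the ones to move to CCMP-only in the router settings; `replace` and `open` need a new security mode altogether.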


The news of WEP cracking surfaced on the internet about 5 years ago. Since then the introduction of WPA and future WPA2 could be also cracked were in the work.

I have been cracking WPA for over 2 years and this isn't new. And it's not even a security threat. It's only a security threat if you open your ports to anyone who is in the network. And you protect your network by encrypting the Wi-Fi connection (see how that works?). A WPA crack becomes a security threat if you can decrypt the packet data transferred between a PC and the router. And as the article clearly states:

They have not, however, managed to crack the encryption keys used to secure data that goes from the PC to the router in this particular attack

This means your credit card, for example, purchasing information used in WPA is still safe--for now--even though your WPA network was compromised by someone who "hacked" into your Wi-Fi.

What the article is introducing, however, is the amount of time it requires to crack the TKIP (Temporal Key Integrity Protocol) key in 15 minutes or so. This is revolutionary compared to my method of collecting 500,000 to 1,000,000 packets and then trying to decrypt the TKIP key. Collecting packets is nothing more than turning your laptop into a packet sniffing tool by installing AirCrack or any similar packet sniffing program. As long as you have the proper hardware (AirCrack compatible Wi-Fi card) just leave your laptop on to any frequency or particular frequency (router channel) and start collecting. Once you have enough packets, run the AirCrack decrypting program and find the TKIP key. The hardest part is to collect half a million to a million packets (useful packets). This takes time. If you have good collected packets it takes the decrypting program less than 10 minutes to find the TKIP key. But to collect good packets it's a waiting game. Sometimes I waited over a month to collect enough packets to crack a WPA key.

Another way to crack WPA is to force the handshake and reconnection, so called. This is a brute force attack mode where two PCs with Wi-Fi equipped machines are required. One would start the attack forcing the WPA encrypted router to authenticate the TKIP. And during that split moment the second PC will be listening and collecting packets that require authentication encryption. The instruction is basically stated because our forum does not allow the full discussion how to crack/hack what is against our forum rules. But basically you get the idea.

Attending the PacSec Conference will reveal how exactly WPA was breached but for now anything is a guess. They may be attempting to crack WPA TKIP by having 10 attack PC's and 10 listening PC's. Maybe someone will post it on YouTube and I get to watch how they do it :lol:


Wait....so people can hack into your internet provider and use your internet that you pay for?

Those who can will not be hacking into your internet provider but your wireless network system. If you installed a wireless router with your internet service, and enabled WPA to keep freeloaders out (as well as keeping your network safe), using various tools some people can use your wireless signal to connect to the internet.

But, if they are that "smart" enough to do so, they will not maliciously hack to cause any harm. But there are those who will do and hopefully they are not living around you. For those who are able to crack WPA TKIP keys they probably have their own, and faster, ISP or yet aircard that can surf from anywhere--no need to borrow someone else's signal.

And those who are neither of the above examples are using this skill to earn some consulting jobs to demonstrate the vulnerability and suggest a redundant network tap or constant surveillance of the wireless and wired network system. So the average public need not fear because those high-tech criminals are not going to be in your neighborhood hopping on your wi-fi just to do some dirty deeds--they will not be staying in one place too long, yet they will be somewhere underground or on a far offshore beach hopping on network after network to cover their trace.

Just like a hacker would not waste his/her time hacking into a computer with a dial up connection (too slow to pump anything out), high-tech criminals will not drive by and hop onto some Joe the "plumber" neighborhood. But, the key is that even WPA is not 100% secure. Letting your guard down just because you used WPA encryption would be your worst criminal.


The news of WEP cracking surfaced on the internet about 5 years ago. Since then the introduction of WPA and future WPA2 could be also cracked were in the work.
I have been cracking WPA for over 2 years and this isn't new. And it's not even a security threat. It's only a security threat if you open your ports to anyone who is in the network. And you protect your network by encrypting the Wi-Fi connection (see how that works?). A WPA crack becomes a security threat if you can decrypt the packet data transferred between a PC and the router. And as the article clearly states:
This means your credit card, for example, purchasing information used in WPA is still safe--for now--even though your WPA network was compromised by someone who "hacked" into your Wi-Fi.

What the article is introducing, however, is the amount of time it requires to crack the TKIP (Temporal Key Integrity Protocol) key in 15 minutes or so. This is revolutionary compared to my method of collecting 500,000 to 1,000,000 packets and then trying to decrypt the TKIP key. Collecting packets is nothing more than turning your laptop into a packet sniffing tool by installing AirCrack or any similar packet sniffing program. As long as you have the proper hardware (AirCrack compatible Wi-Fi card) just leave your laptop on to any frequency or particular frequency (router channel) and start collecting. Once you have enough packets, run the AirCrack decrypting program and find the TKIP key. The hardest part is to collect half a million to a million packets (useful packets). This takes time. If you have good collected packets it takes the decrypting program less than 10 minutes to find the TKIP key. But to collect good packets it's a waiting game. Sometimes I waited over a month to collect enough packets to crack a WPA key.

Another way to crack WPA is to force the handshake and reconnection, so called. This is a brute force attack mode where two PCs with Wi-Fi equipped machines are required. One would start the attack forcing the WPA encrypted router to authenticate the TKIP. And during that split moment the second PC will be listening and collecting packets that require authentication encryption. The instruction is basically stated because our forum does not allow the full discussion how to crack/hack what is against our forum rules. But basically you get the idea.

Attending the PacSec Conference will reveal how exactly WPA was breached but for now anything is a guess. They may be attempting to crack WPA TKIP by having 10 attack PC's and 10 listening PC's. Maybe someone will post it on YouTube and I get to watch how they do it :lol:


Well I would think their method is new in terms of what they are doing; it was mentioned in the article that the dictionary attack is the most common and from the looks of it this could take hours to days to get into the system. So I was partially right that this is a new technique that is a lot faster and uses less resources. As for the handshake and reconnection, it just sounds like the other computer is used as a packet sniffer and lies in hiding while the other computer does the work then.

Wait....so people can hack into your internet provider and use your internet that you pay for?

Anyone can hack into your computer and use your connection, but hacking into WIFI is different because you need to decrypt the packets that are being sent, because that information gets encrypted before it is sent. So you would need to collect a lot of packets and then piece them together in order to get into the WIFI connected router.

Those who can will not be hacking into your internet provider but your wireless network system. If you installed a wireless router with your internet service, and enabled WPA to keep freeloaders out (as well as keeping your network safe), using various tools some people can use your wireless signal to connect to the internet.
But, if they are that "smart" enough to do so, they will not maliciously hack to cause any harm. But there are those who will do and hopefully they are not living around you. For those who are able to crack WPA TKIP keys they probably have their own, and faster, ISP or yet aircard that can surf from anywhere--no need to borrow someone else's signal.

And those who are neither of the above examples are using this skill to earn some consulting jobs to demonstrate the vulnerability and suggest a redundant network tap or constant surveillance of the wireless and wired network system. So the average public need not fear because those high-tech criminals are not going to be in your neighborhood hopping on your wi-fi just to do some dirty deeds--they will not be staying in one place too long, yet they will be somewhere underground or on a far offshore beach hopping on network after network to cover their trace.

Just like a hacker would not waste his/her time hacking into a computer with a dial up connection (too slow to pump anything out), high-tech criminals will not drive by and hop onto some Joe the "plumber" neighborhood. But, the key is that even WPA is not 100% secure. Letting your guard down just because you used WPA encryption would be your worst criminal.


That is why many hackers war drive for wireless signals, and that way if they find an open connection they can find out what is on the other side of the signal, and in the case of TJ Maxx, it was connected to credit cards dating back a few years.


I'm not sure if I understand this right, but does this mean that now the password will be able to be found out? My grandfather's network works (it's wireless), but he forgot the password, so it can't be used anymore. Will I be able to find out the password now?


I'm not sure if I understand this right, but does this mean that now the password will be able to be found out? My grandfather's network works (it's wireless), but he forgot the password, so it can't be used anymore. Will I be able to find out the password now?


Well, more like the password can be bypassed, but most of the time though you can gain the password and be able to do whatever you want to the network the Wi-Fi router is connected to. As for your password problem, all you need to do is reset the router and the default password is reset to either admin, Password or 12345, and so that should fix your problem.

Encrypt sensitive data

That is nothing new, but it is a reason to use tools like TRUECRYPT that is FREE and VERY efficient and extremely SECURE!

-reply by Mike

