Home page logo

dailydave logo Dailydave mailing list archives

Re: All Ur WiFi(WPA) R Belong 2 PacSec
From: Dave Aitel <dave () immunityinc com>
Date: Fri, 07 Nov 2008 10:27:21 -0500

Hash: SHA1

This article has a good summary of the technique, for those not going
to Japan. While good work, it's not going to worry me if I have a WPA
network set up at home or as part of my business. At least, not yet
(and maybe not ever - we'll see :> ).

The other mitigating factors according to the article are:
 o It works like chopchop on small packets only
 o Busy networks might make it impractical
 o You can only send packets from the AP to the endpoints


- -dave

Dragos Ruiu wrote:
Just as a heads up, one of the author(s) of the first practical
crypto attack against WPA secured wireless networks, besides
launching a dictionary attack when a weak pre-shared keys(PSK) are
used, Erik Tews, will be speaking at PacSec in Tokyo, on Thursday
next week. More specifically, his attack uses a combination of
protocol weaknesses and cryptographic weaknesses to compromise TKIP
encryption. The attack lets the attacker inject seven packets into
the network, per decrypt window. It's an interesting attack,
because it also hints at other attack forms, so it is rather open
ended research.

You should discontinue use of TKIP is my recommendation.

The problem with this is that most AP implementations that I have
seen will automatically drop back to TKIP from CCMP(AES) to support
older clients. You should disable this if you are given the option
on your AP or WiFi router configuration. Unfortunately how to do
this varies on each router's configuration systems, and some
routers do not provide facilities to do this.

If you aren't given the option to disable this, you might want to
think about getting a different Access Point or WiFi Router. :-)

You should seriously consider using some higher level encryption
facilities such as a VPN, IPsec, or SSH to secure your
communications over wireless. Look at ssh -D <port> (or equivalent
putty options) to a wired host and the socks proxy options on your
browser to use that port on localhost, when surfing over wireless.

On some equipment CCMP is called WPA2 and TKIP is WPA. The WPA spec
leaves support of CCMP(AES) optional while the WPA2 spec mandates
both TKIP and AES capability.

Important WPA/WPA2 Recommendations:

-Use only CCMP(AES). -Disable Negotiations to TKIP from CCMP(AES).
-If you must use TKIP, rekey every 120 seconds.

Quote: To prevent this attack, we suggest using a very short
rekeying time, for example 120 seconds or less. ... The best
solution would be disabling TKIP and using a CCMP only network.

Oh, P.S. AFAIK some of the code to do this attack is out :).

If you want to find out more, you have to come to PacSec. :-) The
details are fairly intricate but the bottom line is above. Consider
yourselves duly warned.

cheers, --dr

Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org


Dailydave mailing list
Dailydave () lists immunitysec com

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]