New WPA TKIP attack
posted Nov 9th 2008 7:00pm by Eliot Phillipsfiled under: news, security hacks, wireless hacks
[Martin Beck] and [Erik Tews] have just released a paper covering an improved attack against WEP and a brand new attack against WPA(PDF). For the WEP half, they offer a nice overview of attacks up to this point and the optimizations they made to reduce the number of packets needed to approximately 25K. The only serious threat to WPA so far has been the coWPAtty dictionary attack. This new attack lets you decrypt the last 12 bytes of a WPA packet’s plaintext and then generate arbitrary packets to send to the client. While it doesn’t recover the WPA key, the attacker is still able to send packets directly to the machine they’re attacking and could potentially read back the response via an outbound connection to the internet.
[photo: niallkennedy]
[via SANS]
http://aircrack-ng.org/doku.php
Posted at 12:06 pm on Dec 24th, 2008 by design