NYC Resistor

We learn, share, and make things

Another one bites the dust, first WEP, now WPA and GSM

By: hans
August 30th, 2009

PC Advisor: WPA wireless security cracked in 60 seconds

The WEP standard for encrypting wifi networks has long since been easily crackable. Now the next ‘uncrackable’ standard, WPA, can be cracked in 60 seconds. Expect more and better automatic cracking tools to follow, just like the WEP tools like aircrack-ng, wesside, etc. So apparently, WPA2 is now the gold standard, the one to beat. I’m guessing its only a matter of time.

Additionally, its now getting as easy to crack the GSM encryption used in GSM mobile phones, which is the most popular standard around the world: Huge GSM flaw allows hackers to listen in on voice calls

Its really time to start thinking about network security differently. Laptops are becoming ever more common, more and more phones have wifi, etc. Instead of trying to create a safe network, instead we need to think of our computers and devices as an island in rough seas. If you are smart about it, and follow good practices like turning off any network service that you are not using, you can even run a Windows box directly on the internet without problems.

7 comments
  • http://at.or.at/hans/ Hans-Christoph Steiner
  • http://www.BSoDtv.org/ Foxx

    Its sad to see how many people ay NYC Resistor have open shares with no passwords or logins on their laptops, bluetooth running, and wifi auto connect to an insecure access point. People dont even take care to deactivate the bluetooth for their cell phones. Iv'e been very disappointed. People need to think a little harder about where, when, and how their wireless technology in put into use.

  • http://glitchnyc.com ericskiff

    Yarr – we're brazen with our connectivity, matey.

    That, and we're also boring. The general populace at Resistor has nothing of
    note in their open shares, and isn't that worried about you reading their
    gmail. They walk right away from their laptops, partially in trust that the
    other folks we invite in aren't jerks.

    I'm not saying it's 100% right, but those of us that need better security
    layer that on top of the open web with SSH, VPNs, and HTTPS.

    That said, a guest course along the lines of “Don't get hacked! – basic
    guidelines for keeping your laptop safe” might be a good thing to have :)

    -E

  • Wangateur

    The only secure computer is locked in a bank vault with no power source and a guard with a gun out front … and even he can be bribed with a bottle of booze!!!!!

  • http://twitter.com/openfly openfly

    There's networks… and then there's networks. >=P

  • http://twitter.com/GlennF GlennF

    “Now the next ‘uncrackable’ standard, WPA, can be cracked in 60 seconds”

    Except that's incorrect. The exploit that was reported on doesn't crack WPA. It's a quite specific, clever, and interesting approach that requires man-in-the-middle physical interposition between an AP and client, only works on very short packets (currently only ARP), and works only on the per-packet MIC keys.

  • http://twitter.com/GlennF GlennF

    “Now the next ‘uncrackable’ standard, WPA, can be cracked in 60 seconds”

    Except that's incorrect. The exploit that was reported on doesn't crack WPA. It's a quite specific, clever, and interesting approach that requires man-in-the-middle physical interposition between an AP and client, only works on very short packets (currently only ARP), and works only on the per-packet MIC keys.