Aug 302009
 

PC Advisor: WPA wireless security cracked in 60 seconds

The WEP standard for encrypting wifi networks has long since been easily crackable. Now the next ‘uncrackable’ standard, WPA, can be cracked in 60 seconds. Expect more and better automatic cracking tools to follow, just like the WEP tools like aircrack-ng, wesside, etc. So apparently, WPA2 is now the gold standard, the one to beat. I’m guessing its only a matter of time.

Additionally, its now getting as easy to crack the GSM encryption used in GSM mobile phones, which is the most popular standard around the world: Huge GSM flaw allows hackers to listen in on voice calls

Its really time to start thinking about network security differently. Laptops are becoming ever more common, more and more phones have wifi, etc. Instead of trying to create a safe network, instead we need to think of our computers and devices as an island in rough seas. If you are smart about it, and follow good practices like turning off any network service that you are not using, you can even run a Windows box directly on the internet without problems.

 Posted by at 7:37 pm
  • http://at.or.at/hans/ Hans-Christoph Steiner
  • http://www.BSoDtv.org/ Foxx

    Its sad to see how many people ay NYC Resistor have open shares with no passwords or logins on their laptops, bluetooth running, and wifi auto connect to an insecure access point. People dont even take care to deactivate the bluetooth for their cell phones. Iv'e been very disappointed. People need to think a little harder about where, when, and how their wireless technology in put into use.

    • http://glitchnyc.com ericskiff

      Yarr – we're brazen with our connectivity, matey.

      That, and we're also boring. The general populace at Resistor has nothing of
      note in their open shares, and isn't that worried about you reading their
      gmail. They walk right away from their laptops, partially in trust that the
      other folks we invite in aren't jerks.

      I'm not saying it's 100% right, but those of us that need better security
      layer that on top of the open web with SSH, VPNs, and HTTPS.

      That said, a guest course along the lines of “Don't get hacked! – basic
      guidelines for keeping your laptop safe” might be a good thing to have :)

      -E

  • Wangateur

    The only secure computer is locked in a bank vault with no power source and a guard with a gun out front … and even he can be bribed with a bottle of booze!!!!!

  • http://twitter.com/openfly openfly

    There's networks… and then there's networks. >=P

  • http://twitter.com/GlennF GlennF

    “Now the next ‘uncrackable’ standard, WPA, can be cracked in 60 seconds”

    Except that's incorrect. The exploit that was reported on doesn't crack WPA. It's a quite specific, clever, and interesting approach that requires man-in-the-middle physical interposition between an AP and client, only works on very short packets (currently only ARP), and works only on the per-packet MIC keys.

  • http://twitter.com/GlennF GlennF

    “Now the next ‘uncrackable’ standard, WPA, can be cracked in 60 seconds”

    Except that's incorrect. The exploit that was reported on doesn't crack WPA. It's a quite specific, clever, and interesting approach that requires man-in-the-middle physical interposition between an AP and client, only works on very short packets (currently only ARP), and works only on the per-packet MIC keys.