Friday, November 21, 2008

WPA Cracked? Maybe not as bad as reported!

Over the past few weeks the headlines have been rolling by, each of them stating in big bold black letters that WPA has been cracked and that everyone is at risk. So naturally, from that headline it would seem that WPA has gone the way of WEP. This couldn't be further from the truth. There are probably a couple of reasons for the hype.

1.) Encryption is a complicated subject, the inner workings of which maybe 10% of all people actually understand.
2.) "WPA Cracked" is a much more attention-grabbing headline than "hackers can inject very small packets onto your QoS-enabled TKIP network."

So my point is that yes, TKIP, the protocol used in the WPA standard, has some weaknesses that have been breached. How big is the breach? Well, you can decide. Here's a rundown of the attack as I understand it.

1.) The attacker uses the chopchop method of attack against the CRC, or ICV, portion of the packet. This is very similar to the earlier WEP attacks; TKIP was actually born out of WEP, with several improvements bolted on.
2.) This is where it gets complicated. Once you have learned the ICV, your next target in the packet is the MIC portion. Because of the MIC spoofing protections built into TKIP, an attacker has to wait 12 whole minutes before they can get a workable MIC.
3.) Because TKIP uses the RC4 cipher (as opposed to AES-128 with CCMP in the WPA2 standard), an attacker can take the good MIC and ICV and inject packets onto the network. TKIP has one more protection, replay protection, that defends against this, so most routers won't be susceptible to these attacks. The gotcha occurs in routers with QoS enabled: replay protection is still in effect, however it is enforced on a channel-by-channel basis.
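To illustrate step 3, here is a small added model (not code from the post) of a receiver's TKIP replay check: with QoS off there is a single sequence counter (TSC), with QoS on there is one counter per traffic class (TID), so a frame already seen on one TID is not recognised as a replay when it shows up on another. The TkipReceiver class, the replay_outcomes helper and the TSC values are constructed for this illustration, not taken from any real driver.

```python
"""Model of the TKIP replay check (TSC) showing why per-QoS-channel
counters weaken replay protection. Constructed illustration; the
counter values below are samples, not captured traffic."""

from dataclasses import dataclass, field


@dataclass
class TkipReceiver:
    """Receiver-side replay state for one peer (model only).

    With QoS (WMM) disabled there is one TSC counter. With QoS enabled
    802.11 keeps one counter per traffic class (TID), so the replay
    check only compares against the counter of the TID the frame
    arrives on.
    """
    qos: bool
    last_tsc: dict = field(default_factory=dict)

    def accept(self, tid: int, tsc: int) -> bool:
        # Non-QoS receivers ignore the TID and track a single counter.
        key = tid if self.qos else 0
        if tsc <= self.last_tsc.get(key, -1):
            return False  # replay or out-of-order frame: drop it
        self.last_tsc[key] = tsc
        return True


def replay_outcomes(captured_tsc: int, delivered_tid: int) -> dict:
    """Feed legitimate frames 0..captured_tsc on TID 0, then re-present
    the frame with TSC captured_tsc on delivered_tid. Returns whether
    the re-presented frame is accepted for a non-QoS and a QoS receiver.
    The mitigation is the non-QoS case: one counter rejects the frame."""
    results = {}
    for qos in (False, True):
        rx = TkipReceiver(qos=qos)
        for tsc in range(captured_tsc + 1):  # normal traffic on TID 0
            rx.accept(0, tsc)
        results["qos" if qos else "no_qos"] = rx.accept(delivered_tid, captured_tsc)
    return results


if __name__ == "__main__":
    # Same frame, re-presented on TID 3: rejected without QoS, accepted with it.
    print(replay_outcomes(captured_tsc=5, delivered_tid=3))
```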

So the bottom line of this hack is that a hacker could inject very small packets onto your wireless LAN. They can not decrypt your payload, yet. Does this mean that TKIP is totally unsafe for corporate or home use? Probably not. But what it does mean is that its days are officially numbered.
