Wait Just One Minute Mr. Wi-Fi!

From the "wait a minute, are you sure that's safe?" department: 



It took Japanese researchers only 60 seconds but it appears as if  the replacement to the extremely vulnerable WEP needs replacing. 



The WPA encryption system used for wireless security can hacked in about 60 seconds.  That's scary since the WPA protocol and related TKIP were created due to weaknesses discovered in Wired Equivalent Privacy (WEP).



According to CBR, "The security attack they have formulated for the Wi-Fi Protected Access or WPA protocol is similar to one known as the Beck-Tews attack which appeared last year as a means of recovering plain text from an encrypted short packet, and from there falsifying it.  That took anything up to 15 minutes. But with this latest message falsification attack, which is good for pretty much any WPA implementation, the execution time is cut to about one minute in the best case."



Can't say I'm surprised...the writing was on the wall...(see previous posts on wireless insecurity below) Remember, our boy Albert Gonzalez,.a.k.a. "SoupNazi" got his start thanks to WEP by Wardriving. 

PIN Debit Payments Blog: Wireless Security Does Not Have Any...

Mar 15, 2009

The group accused of stealing the TJX data was believed to have hacked into several stores' weakly encrypted wireless networks. Last year, supermarket company Hannaford Bros. reported a data breach, saying customer accounts at stores in ...

Airtight Study of Financial Districts Reveals Wi-Fi Security Risks

May 14, 2009

AirTight Networks published a study of wireless access points and found that the majority still use WEP and the WEP cracking time is less than five minutes. Interesting study. The URL to the PDF is at the end of this post. ...

PIN Debit Payments Blog: First Data Introduces Wireless, Battery ...

Aug 17, 2009

DENVER - August 17, 2009 - First Data, a global leader in electronic commerce and payment processing services, announced today that it is launching the FD400, the first low-cost, battery-powered, wireless point-of-sale terminal for

PCI Council Publishes Wireless Security Guidlines for Payment Cards

Jul 15, 2009

Considering today's announcement that PCI is publishing "wireless" security guidelines, I don't see any reason why the council wouldn't be 100% behind putting together a Web Special Interest Group (SIG) and begin this much needed ...

 

More on the "WarDriving 11" and their 40 Million Card Data Theft

Aug 19, 2008

Despite serving as an informant, the Justice Department claims, Gonzalez also began "wardriving" in the areas around US Highway 1 in Miami, according to this month's indictments. The term refers to the tactic of cruising in a vehicle 

PIN Debit Payments Blog: Wireless Identity Theft - More on Hackers 11

24 Nov 2008 

In an article published on IBLS (Internet Business Law Services) the author talks about wireless hacking (See WarDriving 101), Hackers 11 and possible changes in laws relating to cybercriminal behavior. ...

Related articles

• New attack cracks common Wi-Fi encryption in a minute (infoworld.com)


• One-minute WiFi crack puts further pressure on WPA (arstechnica.com)


• WEP = Fail; WPA+TKIP = Fail (q-ontech.blogspot.com)


• New attack breaks Wi-Fi security in a minute (vator.tv)


• WPA encryption cracked in under a minute (crunchgear.com)


• WiFi Demystified - Part II (techie-buzz.com)