Sunday, November 9, 2008

Tool to Bypass WPA-TKIP to be Released Next Week

Researchers have discovered a method that bypasses WPA encryption and will release the exploit tool next week. Fret not, for there are fixes you can use, such as switching to WPA2 or changing the WPA algorithm from TKIP to AES. Better check your Wi-Fi networks.
With the exploit tool in hand, hackers will be able to break into networks that use WPA with TKIP encryption. TKIP is a predecessor of AES and was developed to overcome the flaw in WEP [Wired Equivalent Privacy] security. WPA is essentially WEP with a couple of fixes. The TKIP algorithm rotates keys between clients and access points after enough packets pass between them. By default, most routers on the market change the keys every couple of hours. The exploit takes advantage of this data flowing to and from access points, inserting its own packets into the stream and passing them to clients. The packet insertion bypasses the countermeasures that routers use to catch malicious activity. From a computer's point of view, the data packets appear to belong to a legitimate access point. According to Farina, just seven packets are needed to gain access to a computer.

Researchers found it even easier to gain access to wireless networks that are using QoS [Quality of Service]. Networks that mix data and voice packets often rely on QoS to prioritize the voice data. However, data packets with QoS are rearranged in sequential order so that they travel faster and are received efficiently. The protection algorithm used by TKIP was relaxed to allow for QoS.

As the exploit tool gains access to a computer, hackers can easily inject new packets and install and execute tools such as Metasploit that can give them permanent access. Metasploit is a large toolkit for testing exploits, and it uses well-known exploits in its arsenal. "With 2 or 3 packets you can fit most tools in the Metasploit toolkit," Rick Farina said.

Because the exploit is specific to TKIP, users simply need to change the WPA encryption to use AES or switch to the much more hardened WPA2. If your router doesn't support WPA2, shorten the TKIP key-rotation interval on the router so that keys are refreshed every two minutes or less. The fast refresh makes it harder, but not impossible, for hackers to gain access. The best course of action, however, is to buy a new router that supports WPA2.
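The fixes above come down to a few access-point settings: which WPA version is offered, which pairwise cipher is allowed, and how often keys are rotated. The script below is an added example, not part of the original post, that audits a hostapd-style configuration for exactly those points. The option names (`wpa`, `wpa_pairwise`, `rsn_pairwise`, `wpa_group_rekey`) are real hostapd options; the two sample configurations are constructed here to show the weak WPA/TKIP setup beside the recommended WPA2/AES-only setup, and the 120-second rekey threshold is taken from the article's "two minutes or less" advice.

```python
from typing import Dict, List

# Constructed sample: the WPA v1 + TKIP configuration the article warns about.
# wpa_group_rekey is in seconds; 7200 s matches "every couple of hours".
WEAK_CONF = """
interface=wlan0
ssid=example-net
wpa=1
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
wpa_group_rekey=7200
"""

# Constructed sample: WPA2 (RSN) only, AES-CCMP as the sole pairwise cipher.
HARDENED_CONF = """
interface=wlan0
ssid=example-net
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
wpa_group_rekey=600
"""


def parse_hostapd(conf: str) -> Dict[str, str]:
    """Parse key=value lines; blanks and '#' comments are skipped, last value wins."""
    opts: Dict[str, str] = {}
    for line in conf.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if sep:
            opts[key.strip()] = value.strip()
    return opts


def audit(opts: Dict[str, str], max_rekey_seconds: int = 120) -> List[str]:
    """Return a list of findings; an empty list means the config follows the advice."""
    findings: List[str] = []

    # wpa=1 offers WPA only, wpa=2 offers WPA2 (RSN) only, wpa=3 offers both.
    if opts.get("wpa", "0") in ("1", "3"):
        findings.append("WPA (v1) enabled: prefer WPA2 only (wpa=2)")

    # wpa_pairwise applies to WPA, rsn_pairwise to WPA2; either may list TKIP.
    ciphers = set(opts.get("wpa_pairwise", "").split())
    ciphers |= set(opts.get("rsn_pairwise", "").split())

    if "TKIP" in ciphers:
        findings.append("TKIP pairwise cipher allowed: use CCMP (AES) only")
        # Only while TKIP remains in use does the rekey interval matter as a fallback.
        rekey = opts.get("wpa_group_rekey")
        if rekey is None:
            findings.append("wpa_group_rekey not set: set it explicitly while TKIP is in use")
        elif int(rekey) > max_rekey_seconds:
            findings.append(
                f"wpa_group_rekey={rekey}s exceeds {max_rekey_seconds}s: "
                "shorten the rekey interval while TKIP is in use"
            )

    if "CCMP" not in ciphers:
        findings.append("CCMP (AES) not offered as a pairwise cipher")

    return findings


if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        result = audit(parse_hostapd(conf))
        print(f"{name}: {'OK' if not result else ''}")
        for finding in result:
            print(f"  - {finding}")
```

Run against a real hostapd.conf by reading the file into `parse_hostapd`; the hardened sample produces no findings, while the weak sample is flagged for WPA v1, TKIP, a rekey interval far above two minutes, and the absence of CCMP.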
