Clarifications on WPA/TKIP Vulnerabilities

Recently, a research paper published by Japanese academics demonstrated a newer, faster, and more reliable way to crack wireless networks that use the WPA/TKIP protocol.  In the best case, such a network can now be compromised in less than 1 minute.

So, what does this mean?  First, we need to understand what WPA/TKIP is.  Essentially, WPA/TKIP is a method of securing wireless networks.  Wi-Fi Protected Access/Temporal Key Integrity Protocol (WPA/TKIP) was created to fix the shortcomings of an earlier form of wireless encryption known as WEP (Wired Equivalent Privacy).  Just as the name implies, WEP was designed to provide a level of protection equivalent to what would be found on any wired network.  As we know, WEP failed miserably, and today such networks can be compromised by anyone with even the most basic understanding of computers, using simple applications that are readily available online.  TKIP was created in response to these weaknesses in WEP.

Until recently, TKIP had been a viable alternative to WEP.  Then, in November 2008, Martin Beck and Erik Tews discovered an attack against TKIP.  Essentially, they found a hole in WPA/TKIP installations that also implemented IEEE 802.11e (Quality of Service) features.  Together with their fellow students and the aircrack-ng team, they revealed how to send bogus data to an unsuspecting Wi-Fi client on a WPA/TKIP network.  However, since this attack does not reveal the actual key, and since the practical exploits were “minimal”, it did not gain much public attention.  Examples of what could be done with the Beck-Tews attack are ARP poisoning, causing confusion in routing traffic, and Denial-of-Service attacks that would lock all clients out of a wireless network.

What was overlooked, though, is the fact that it showed there are real flaws in TKIP.  And, as is always the case in wireless networking and security, it is only a matter of time before others build upon such research and come up with other ingenious ways of exploiting it.  For example, less than a year later another group of students (Finn Michael Halvorsen and Olav Haugen) from the Norwegian University of Science and Technology Department of Telematics released another cryptanalysis of TKIP.  Their thesis and source code for modifications to aircrack-ng’s tools can be found here.  Essentially, they expanded upon Beck and Tews’ earlier study and determined ways of exploiting the network beyond ARP poisoning and DoS attacks.  Examples include:

DHCP DNS Attack:  Basically, in this attack a victim client would accept a packet from the attacker that would allow the attacker to respond to DNS queries with fake DNS replies, thus forcing an unwitting victim to visit unintended websites or other network locations.  From there, further attacks could be attempted.

NAT Traversal Attack:  In this example, an attacker could inject a fake packet to the client that appears to originate from an external IP address at a specific port.  The victim machine would then respond to this request, forcing the router to establish a NAT mapping between the internal computer and the external port and IP address.  The external machine would now be able to send traffic directly to the internal victim client on the open port in the firewall.  This could then, for instance, be used to exploit some unpatched vulnerability on the client, or to reveal the Internet IP address of the network, which would be useful in other scenarios as well.

Even still, many did not take this seriously.  The answer many gave to counter the above was to simply disable the QoS features on wireless networks or make other simple “modifications” to their setup to prevent the attacks outlined above.  Well, now Japanese students Toshihiro Ohigashi and Masakatu Morii of Hiroshima University and Kobe University have discovered an even more efficient means of attacking TKIP and published their findings here.  The Beck-Tews attack would normally take about 12-15 minutes to carry out and also required QoS to be implemented on the wireless network, thereby limiting the scope of the attack and what could be targeted.  These new discoveries, however, allow attackers to exploit all TKIP implementations, and much faster.

You can easily imagine how the new findings will allow future researchers, academics, and hackers to go beyond the attacks outlined above.  It is now only a matter of time before further compromises and attacks are discovered that take even greater advantage of networks that have deployed TKIP across their enterprise.  With this knowledge, I hope it is understood that TKIP should no longer be used on wireless networks that need to be secured.  There are still technologies such as WPA2/AES that have not been compromised and are readily available on commercial-grade wireless access points and equipment.  If you haven’t done so already, make the switch.
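As an added example (not code from the original post), here is a small Python audit script a network administrator could run over the output of `iw dev wlan0 scan` to find access points that still offer TKIP, including WPA/WPA2 “mixed mode” networks whose group cipher is still TKIP. The scan text below is constructed to look like `iw` output, and the function names are my own.

```python
import re

# Constructed sample of `iw dev wlan0 scan` output (not a real capture).
# Three BSSes: WPA/TKIP only, WPA2 mixed mode (TKIP group cipher), WPA2/CCMP only.
SAMPLE_SCAN = """\
BSS 02:00:00:00:01:00(on wlan0)
\tSSID: legacy-office
\tWPA:\t * Version: 1
\t\t * Group cipher: TKIP
\t\t * Pairwise ciphers: TKIP
\t\t * Authentication suites: PSK
BSS 02:00:00:00:02:00(on wlan0)
\tSSID: mixed-mode
\tRSN:\t * Version: 1
\t\t * Group cipher: TKIP
\t\t * Pairwise ciphers: CCMP TKIP
\t\t * Authentication suites: PSK
BSS 02:00:00:00:03:00(on wlan0)
\tSSID: wpa2-only
\tRSN:\t * Version: 1
\t\t * Group cipher: CCMP
\t\t * Pairwise ciphers: CCMP
\t\t * Authentication suites: PSK
"""

BSS_RE = re.compile(r"^BSS ([0-9a-fA-F:]{17})")


def parse_scan(text):
    """Return one dict per BSS: bssid, ssid, and the set of advertised ciphers."""
    networks, current = [], None
    for line in text.splitlines():
        m = BSS_RE.match(line)
        if m:
            current = {"bssid": m.group(1).lower(), "ssid": "", "ciphers": set()}
            networks.append(current)
            continue
        if current is None:
            continue
        s = line.strip()
        if s.startswith("SSID:"):
            current["ssid"] = s[len("SSID:"):].strip()
        elif ":" in s and "cipher" in s.lower():
            # Both "* Group cipher: TKIP" and "* Pairwise ciphers: CCMP TKIP" land here;
            # the group cipher matters too, since broadcast frames use it.
            current["ciphers"].update(s.split(":", 1)[1].split())
    return networks


def tkip_networks(text):
    """BSSes that offer TKIP as a group or pairwise cipher; these need migrating."""
    return [n for n in parse_scan(text) if "TKIP" in n["ciphers"]]


if __name__ == "__main__":
    for n in tkip_networks(SAMPLE_SCAN):
        print(f"{n['bssid']}  {n['ssid']:<14} offers {' '.join(sorted(n['ciphers']))}")
```

On a real host, pipe `iw dev wlan0 scan` into the script in place of `SAMPLE_SCAN`; any BSS listed should be moved to WPA2 with CCMP for both pairwise and group ciphers.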