Skip the navigation
News

Once thought safe, WPA Wi-Fi encryption is cracked

By Robert McMillan
November 6, 2008 12:00 PM ET

IDG News Service - Security researchers say they've developed a way to partially crack the Wi-Fi Protected Access (WPA) encryption standard used to protect data on many wireless networks.

The attack, described as the first practical attack on WPA, will be discussed at the PacSec conference in Tokyo next week. There, researcher Erik Tews will show how he was able to crack WPA encryption and read data being sent from a router to a laptop computer. The attack could also be used to send bogus information to a client connected to the router.

To do this, Tews and his co-researcher Martin Beck found a way to break the Temporal Key Integrity Protocol (TKIP) key, used by WPA, in a relatively short amount of time: 12 to 15 minutes, according to Dragos Ruiu, the PacSec conference's organizer.

They have not, however, managed to crack the encryption keys used to secure data that goes from the PC to the router in this particular attack

Security experts had known that TKIP could be cracked using what's known as a dictionary attack. Using massive computational resources, the attacker essentially cracks the encryption by making an extremely large number of educated guesses as to what key is being used to secure the wireless data.

The work of Tews and Beck does not involve a dictionary attack, however.

To pull off their trick, the researchers first discovered a way to trick a WPA router into sending them large amounts of data. This makes cracking the key easier, but this technique is also combined with a "mathematical breakthrough," that lets them crack WPA much more quickly than any previous attempt, Ruiu said.

Tews is planning to publish the cryptographic work in an academic journal in the coming months, Ruiu said. Some of the code used in the attack was quietly added to Beck's Aircrack-ng Wi-Fi encryption hacking tool two weeks ago, he added.

WPA is widely used on today's Wi-Fi networks and is considered a better alternative to the original WEP (Wired Equivalent Privacy) standard, which was developed in the late 1990s. Soon after the development of WEP, however, hackers found a way to break its encryption, and it is now considered insecure by most security professionals. Store chain T.J. Maxx was in the process of upgrading from WEP to WPA encryption when it experienced one of the most widely publicized data breaches in U.S. history, in which hundreds of millions of credit card numbers were stolen over a two-year period.

A new wireless standard known as WPA2 is considered safe from the attack developed by Tews and Beck, but many WPA2 routers also support WPA.

"Everybody has been saying, 'Go to WPA because WEP is broken,'" Ruiu said. "This is a break in WPA."

If WPA is significantly compromised, it would be a big blow for enterprise customers who have been increasingly adopting it, said Sri Sundaralingam, vice president of product management at wireless network security vendor AirTight Networks. Although customers can adopt Wi-Fi technology such as WPA2 or virtual private network software that will protect them from this attack, there are still may devices that connect to the network using WPA, or even the thoroughly cracked WEP standard, he said.

Ruiu expects a lot more WPA research to follow this work. "It's just the starting point," he said. "Erik and Martin have just opened the box on a whole new hacker playground."

Reprinted with permission from IDG.net. Story copyright 2010 International Data Group. All rights reserved.
Additional Resources
Forrester Consulting - Optimizing Users and Applications in a Mobile World
WHITE PAPER
Solving application issues over the WAN requires careful consideration. Based on their independent research, Forrester Consulting offers recommendations on how to tackle application performance issues, insufficient bandwidth and the inability to quickly restore users in a disaster.

Read now.

Security KnowledgeVault
WHITE PAPER
Security is not an option. This KnowledgeVault Series offers professional advice how to be proactive in the fight against cybercrimes and multi-layered security threats; how to adopt a holistic approach to protecting and managing data; and how to hire a qualified security assessor. Make security your Number 1 priority.

Read now.

Cut Communications Costs Once and for All
WHITE PAPER
New IP-based communications systems are being deployed by small and midsized businesses at a rapid rate. Learn how these organizations are enabling faster responsiveness, creating better customer experiences, speeding office or mobile interactions, and dramatically reducing existing communications costs.

Read now.

Mobile and Wireless White Papers
Digital Transformation: Creating New Business Models Where Digital Meets Physical
Individuals and businesses alike are embracing the digital revolution. Social networks and digital devices are being used to engage government, businesses and civil...
Empowering Your Mobile Worker
Today's most productive employees are mobile, and your company's IT strategy must be ready to support them with 24/7 access to the business...
An Interactive Guide: Bring Your Own Device
BYOD presents significant security and management challenges to IT departments who want to take advantage of the trend, but still protect corporate assets....
Calculating ROI for Mobile Client Acceleration
As mobile devices continue to expand in business use, ensuring these devices have optimal performance is becoming an IT imperative. This EMA paper...
Tablet Computing Without Compromise
This paper provides an overview of how and why that migration-from any old tablet to Windows tablets-came to be.
All Mobile and Wireless White Papers
Mobile and Wireless Webcasts
Live Webcast
North Pole to South Seas: Overcoming the Pitfalls of remote Performance
In today's always-on world, connectivity is a business requirement. You need the tools that allow you to operate as if you were on...
Supporting Mobile Productivity With A Limited IT Budget
Join us and hear from Kaseya mobile IT management experts as we discuss core strategies for supporting the mobile revolution on a shoestring...
North Pole to South Seas: Overcoming the Pitfalls of remote Performance
In today's always-on world, connectivity is a business requirement. You need the tools that allow you to operate as if you were on...
Unified Communications 101
What's the best way to implement a unified communications solution for your organization?
QNX® and BlackBerry® PlayBook™ Tablet.
RIM's multi-processor, multi-tasking BlackBerry PlayBook runs a new Tablet OS powered by QNX, a bullet-proof microkernel operating system. This track will take a...
A Close Look at Tablets
Learn More
All Mobile and Wireless Webcasts
Newsletter Sign-Up

Receive the latest news test, reviews and trends on your favorite technology topics

Choose a newsletter
  1. View all newsletters | Privacy Policy
IT Jobs