New attack opens the door to one minute WPA crack
Two computer scientists in Japan have developed a way to perform a man-in-the-middle attack on some wireless networks protected by the WPA, or Wi-Fi Protected Access. Building on earlier research by a pair of German students, the attack takes just one minute to work. Further details will be discussed at a conference scheduled to be held in Hiroshima on September 25.
While this new attack works only if the Temporal Key Integrity Protocol (TKIP) algorithm is used, its swiftness means the use of WPA with TKIP should be avoided moving forward. Instead, enterprises can switch to using Advanced Encryption Standard (AES) algorithm on their WPA secured wireless networks, or switch to the more advanced WPA 2.
Ever since the first wireless networking devices appeared, researchers have steadily uncovered vulnerabilities and weaknesses in the algorithms used to protect them. Because wireless signals are transmitted over the air, the use of encryption is vital to keep out eavesdroppers from simply listening in to the traffic at their leisure.
In spite of the new weaknesses exposed in WPA TKIP though, WPA is far from broken if implemented with AES. However, it might make sense for enterprises to acquire only equipment that supports WPA 2 if setting up a wireless network for the first time.
For more on this story:
- check out this article at Computerworld