Nerds On Site

WPA Broken – well, at least on paper

Thanks to Alex Brown, who was the first to point this out to me. I also see that Jeremy Laughlin picked up on the story and sent out an email.
It appears that a couple of Japanese researchers have taken previous attacks on WPA and applied them to a MITM (Man In The Middle) technique that will make it possible to crack a WPA-encrypted wireless connection in as little as a minute. Bear in mind that this is still a theoretical attack, and that it has not been demonstrated to actually work as claimed.
In any case, we should all be implementing WPA2 in any new installations. Almost all devices have supported it since 2006. Of course, there are still a LOT of networks still running on WPA (not to mention WEP), and quite a few older computers and routers still in use that do not support WPA2. This can often be remedied through firmware driver updates.
We should note that WPA implementations that offer AES encryption are not affected by this latest development. It is the TKIP (Temporal Key Integrity Protocol) that is vulnerable. WPA was always seen as an interim solution, but it will be a long time before we get everyone off WEP, let alone WPA.
The take-away is that we now have one more addition to our list of things the we should check when servicing clients – especially our SME clients.
If you want to really nerd it up and want the details, here is a link to the paper presented at the2009 Joint Workshop on Information Security
Dennis H in West Virginia, US
August 29, 2009

Leave a Comment

Your email address will not be published.

Scroll to Top