Attack on WiFi systems using WPA-TKIP demonstrated

The vast majority of people with broadband internet connections for their homes these days are using wireless routers to connect their PC’s, Mac’s, and laptops to the ‘Net. While the adoption by the masses of basic security procedures has improved over the last 5 years, the fact is that the online landscape changes dynamically and people need to know about. Where most people didn’t have basic security on their wireless routers turned on 5 years ago, most today appear to have gotten the message. They’ve activated the most basic of the security protocols and are using WEP. There are better ones available, however, since WEP was cracked a few years back. Those new ones are WPA and WPA2.

Well, if you’re using plain WPA, you might want to go back to the router manual and see how to step up to the more secure WPA2. WPA appears to have joined the “cracked open” club:

Computer scientists in Japan say they’ve developed a way to break the WPA encryption system used in wireless routers in about one minute.

The attack gives hackers a way to read encrypted traffic sent between computers and certain types of routers that use the WPA (Wi-Fi Protected Access) encryption system. The attack was developed by Toshihiro Ohigashi of Hiroshima University and Masakatu Morii of Kobe University, who plan to discuss further details at a technical conference set for Sept. 25 in Hiroshima.

Last November, security researchers first showed how WPA could be broken, but the Japanese researchers have taken the attack to a new level, according to Dragos Ruiu, organizer of the PacSec security conference where the first WPA hack was demonstrated. “They took this stuff which was fairly theoretical and they’ve made it much more practical,” he said.

The previous attack method against WPA took about 15 minutes to bust a wireless key. As the article says, this one takes about a minute, far too quick for the average homeowner to notice. If your router offers WPA2 (and any device that’s certified with the WiFi trademark is required to do so) you should switch over to it. It’s a 2-minute effort on your router and your laptop should be able to re-acquire the network in a minute or so. (Believe it or not, with Vista it might even been less than that.) It’s worth the trouble. You should do it.

Advertisements