Popular WPA Wifi Security Scheme Cracked Open
Just when you thought it was safe to go back in the water: a pair of researchers have announced a serious flaw in the WPA wifi encryption scheme, which was designed to keep your wireless traffic hidden from prying eyes.
Security researchers Erik Tews and Martin Beck have discovered a way to help those eyes pry a bit further into your traffic using a much faster means of break the Temporal Key Integrity Protocol (TKIP) key used by WPA. TKIP has long been vulnerable to dictionary attacks, but dictionary attacks take a long time. The method used by Tews and Beck takes a mere 15 minutes.
The good news is that Tews and Beck so far have not managed to crack the encryption keys. But since security-minded folks like Webmonkey readers probably long ago ditched WEP (an older wifi encryption scheme cracked years ago) in favor of WPA — thinking it was the secure alternative — this attack has some widespread implications.
On the bright side, the attack reportedly does not work with WPA2, which uses a different key protocol to encrypt traffic. If you’re worried, upgrade your router to support WPA2 (in a couple of years we’ll probably be telling you about a flaw in WPA2, but for now anyway).
The details of the Tews and Beck’ findings will be made public at next week’s PacSec conference in Tokyo.
[via Computer World]