WPA Vulnerability Discovered
November 11, 2008
Last week German researchers announced that they'd found a way to crack the Wi-Fi Protected Access (WPA) encryption standard commonly used to protect data on wireless networks.
The flaws in WEP encryption are well-known, but last week, security researchers announced that they'd found a way to crack the Wi-Fi Protected Access (WPA) encryption standard commonly relied upon to protect data on both home and business wireless networks.
Erik Tews, one of the co-authors of a paper outlining the WPA flaw that will be presented this week at the PacSec security conference in Japan, spoke with Glenn Fleishman of the wireless data networking blog Wi-Fi Net News on Thursday. Tews and his collaborator Martin Beck, who discovered and tested the flaw, told Fleishman that it's possible to use weaknesses that remain in WPA's Temporal Key Integrity Protocol (TKIP) encryption type (the weaker of two available in WPA2) to decrypt certain data.
The flaw, writes Fleishman, is not a generic crack: it doesn't allow a WPA key to be recovered, nor does it work on all data passing the network. The flaw only affects packets encrypted using the TKIP system, which is a backwards-compatible upgrade to 802.11's original WEP system. It's also only possible at this point to recover the original text for short packets, those with predictable contents that are quite short. And it requires the use of 802.11e, the Quality of Service (QoS) standard that prioritizes voice and streaming data above that of normal data to provide voice quality and avoid video and audio stuttering.
The solution for the flaw at present, writes Fleishman, is to use AES, an encryption option that's part of WPA2 (and 802.11i, the underlying standard). If your network comprises all WPA2 devices, which nearly all equipment sold starting in 2003 is capable of, then you can opt to set routers to use just the AES type. For home networks or small offices, this would mean choosing WPA2-PSK or WPA2 Personal in most cases. (While Windows lets you choose to identify a WPA2 key as TKIP or AES, the router is what controls which algorithms are acceptable.)
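Because the router decides which ciphers are acceptable, one way to confirm an access point really is AES-only is to read the cipher suites it advertises in its beacon. The following is an added example, not part of the original article: it parses a raw 802.11i RSN element (ID 48) and reports whether TKIP is still permitted. The function names and the two sample elements are constructed for illustration, and the older vendor-specific WPA element is not covered.

```python
import struct

RSN_OUI = bytes.fromhex("000fac")  # OUI used by 802.11i cipher suite selectors
CIPHERS = {1: "WEP-40", 2: "TKIP", 4: "CCMP (AES)", 5: "WEP-104"}

# Constructed sample elements (not captured from a real network).
# MIXED: group cipher TKIP, pairwise CCMP + TKIP, PSK key management.
MIXED = bytes.fromhex("3018 0100 000fac02 0200 000fac04 000fac02 0100 000fac02 0000")
# AES_ONLY: group and pairwise cipher both CCMP, PSK key management.
AES_ONLY = bytes.fromhex("3014 0100 000fac04 0100 000fac04 0100 000fac02 0000")


def _suite(raw: bytes) -> str:
    """Name a 4-byte cipher suite selector (3-byte OUI + 1-byte type)."""
    if raw[:3] != RSN_OUI:
        return "vendor:" + raw.hex()
    return CIPHERS.get(raw[3], "unknown:%d" % raw[3])


def parse_rsn_ciphers(ie: bytes) -> dict:
    """Return the group and pairwise ciphers advertised in an RSN element."""
    if len(ie) < 2 or ie[0] != 48 or ie[1] != len(ie) - 2:
        raise ValueError("not a well-formed RSN element")
    body = ie[2:]
    if len(body) < 8:
        raise ValueError("RSN element too short")
    (version,) = struct.unpack_from("<H", body, 0)
    if version != 1:
        raise ValueError("unsupported RSN version")
    group = _suite(body[2:6])
    (count,) = struct.unpack_from("<H", body, 6)
    end = 8 + 4 * count
    if count == 0 or end > len(body):
        raise ValueError("bad pairwise suite count")
    pairwise = [_suite(body[i:i + 4]) for i in range(8, end, 4)]
    return {"group": group, "pairwise": pairwise}


def permits_tkip(ie: bytes) -> bool:
    """True if TKIP is offered as a pairwise cipher or used as the group cipher."""
    info = parse_rsn_ciphers(ie)
    return info["group"] == "TKIP" or "TKIP" in info["pairwise"]


if __name__ == "__main__":
    for name, ie in (("mixed", MIXED), ("aes-only", AES_ONLY)):
        print(name, parse_rsn_ciphers(ie), "TKIP allowed:", permits_tkip(ie))
```

An access point left in mixed TKIP/AES mode still advertises TKIP in this element, so only the AES-only result matches the setting the article recommends.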
Key points to take away:
· Buy Wi-Fi gear that uses Wi-Fi Protected Setup (WPS).
· Increase your passphrase to 22 characters in length.
· When creating a passphrase, use combinations of numbers and letters that do not form words.
For more of Fleishman's excellent overview of the flaw, click here and here.
For more security help and guidance, read How to: Create a Secure Password, Wi-Fi Planet Guide to WPA, WPA-Enterprise for Small Businesses (Part I), and WPA Security Tips.
Naomi Graychase is Managing Editor at Wi-Fi Planet.
