WPA Vulnerability Discovered

By Naomi Graychase

November 11, 2008

Last week German researchers announced that they’d found a way to crack the Wi-Fi Protected Access (WPA) encryption standard commonly used to protect data on wireless networks.

The flaws in WEP encryption are well-known, but last week, security researchers announced that they’d found a way to crack the Wi-Fi Protected Access (WPA) encryption standard commonly relied upon to protect data on both home and business wireless networks.

Erik Tews, one of the co-authors of a paper outlining the WPA flaw that will be presented this week at the PacSec security conference in Japan, spoke with Glenn Fleishman of the wireless data networking blog Wi-Fi Net News on Thursday. Tews and his collaborator Martin Beck, who discovered and tested the flaw, told Fleishman that it’s possible to use weaknesses that remain in WPA’s Temporal Key Integrity Protocol (TKIP) encryption type (the weaker of two available in WPA2) to decrypt certain data.

“The flaw,” writes Fleishman, “is not a generic crack: it doesn’t allow a WPA key to be recovered, nor does it work on all data passing the network. The flaw only affects packets encrypted using the TKIP system, which is a backwards-compatible upgrade to 802.11’s original WEP system. It’s also only possible at this point to recover the original text for short packets—those with predictable contents that are quite short. And it requires the use of 802.11e, the Quality of Service (QoS) standard that prioritizes voice and streaming data above that of normal data to provide voice quality and avoid video and audio stuttering.”

Our own security expert, Lisa Phifer, who has been following the news, called the flaw “more of a pinhole, than a crack.”

“The solution for the flaw at present,” writes Fleishman, “is to use AES, an encryption option that’s part of WPA2 (and 802.11i, the underlying standard). If your network comprises all WPA2 devices, which nearly all equipment sold starting in 2003 is capable of, then you can opt to set routers to use just the AES type. For home networks or small offices, this would mean choosing WPA2-PSK or WPA2 Personal in most cases. (While Windows lets you choose to identify a WPA2 key as TKIP or AES, the router is what controls which algorithms are acceptable.)”

Key points to take away:

· Buy Wi-Fi gear that uses Wi-Fi Protected Setup (WPS).

· Increase your passphrase to 22 characters in length.

· When creating a passphrase, use combinations of numbers and letters that do not form words.
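
The advice above (accept only AES on a WPA2 network, and use a passphrase of at least 22 characters) can be checked mechanically. The following is an added example, not code from the article or from Fleishman: it audits an access-point configuration written in hostapd's key=value format. The choice of hostapd, the sample configurations and the function names are assumptions made for illustration.

```python
# Added example: audit a hostapd.conf for the settings this article discusses.
MIN_PASSPHRASE_LEN = 22  # length recommended in the key points above

# Constructed sample configs (not taken from any real network).
WEAK_CONF = """\
ssid=example-net
wpa=3
wpa_pairwise=TKIP CCMP
wpa_passphrase=sunshine2008
"""
HARDENED_CONF = """\
ssid=example-net
wpa=2
rsn_pairwise=CCMP
wpa_passphrase=q7Rk2vX9mB4tZp1Lw8Hs3Yd6
"""

def parse_conf(text):
    """Parse hostapd's key=value format, skipping blanks and # comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value  # values kept as-is: passphrases may hold spaces
    return conf

def audit(text):
    """Return a list of findings; an empty list means none of the checks fired."""
    conf = parse_conf(text)
    findings = []
    wpa = int(conf.get("wpa", "0"))  # bit 0 = WPA (v1), bit 1 = WPA2
    if wpa & 1:
        findings.append("WPA (v1) enabled: set wpa=2 for WPA2 only")
    # Documented hostapd defaults: wpa_pairwise is TKIP, and rsn_pairwise
    # falls back to the wpa_pairwise value when it is not set.
    wpa_pairwise = conf.get("wpa_pairwise", "TKIP").split()
    rsn_pairwise = conf.get("rsn_pairwise", " ".join(wpa_pairwise)).split()
    if wpa & 2 and "TKIP" in rsn_pairwise:
        findings.append("TKIP accepted for WPA2: set rsn_pairwise=CCMP (AES)")
    passphrase = conf.get("wpa_passphrase")
    if passphrase is not None and len(passphrase) < MIN_PASSPHRASE_LEN:
        findings.append(f"passphrase is {len(passphrase)} chars, below {MIN_PASSPHRASE_LEN}")
    return findings

if __name__ == "__main__":
    for name, text in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit(text) or "OK")
```

A configuration that sets `wpa=2` but names no pairwise cipher is still flagged, because the fallback default is TKIP.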

For more of Fleishman’s excellent overview of the flaw, click here and here.

For more security help and guidance, read “How to: Create a Secure Password,” “Wi-Fi Planet Guide to WPA,” “WPA-Enterprise for Small Businesses (Part I),” and “WPA Security Tips.”

Naomi Graychase is Managing Editor at Wi-Fi Planet. 


