New Attacks on Wireless Encryption

Two graduate students in Germany have successfully demonstrated an attack against the WPA wireless encryption protocol. WPA was developed as a stop-gap measure when it was discovered that WEP, the original wireless encryption protocol, was deeply flawed and offered virtually no protection from eavesdropping on wireless traffic. Tools have been available for many years that can crack a WEP encrypted wireless network in seconds. If you are still using WEP, stop.

WPA offered many improvements over WEP even though it used the same cypher (RC4). The primary improvement was frequent rekeying that made the WEP hack useless against WPA. However, with this new attack published this week, WPA encrypted networks may now be vulnerable. Many enterprises and home users adopted WPA because it did not require a hardware upgrade; it could be implemented with fairly simple software updates. But the days of WPA providing adequate security are quickly coming to and end. Even though the attack published this week is limited in its scope, the writing is on the wall. Once a significant attack is developed against a protocol or cypher, it doesn’t usually take long before better ones are developed or the same one is made better through faster processing power (think DES and WEP).

The solution is to implement WPA2 which uses AES as its cypher. AES is the gold standard of encryption cyphers and as a result, WPA2 is not vulnerable to this or any other known attack. It comes in two flavors: WPA2-Personal (sometimes called WPA2-PSK) and WPA_Enterprise. The primary difference is that the personal implementation uses a preshared key, or password, and is designed for home use. The enterprise version requires a RADIUS authentication server and is designed for larger, corporate environments. Most newer wireless clients support WPA2, although some older ones do not. In fact one of my home laptops (about 4 years old) doesn’t which is preventing me from upgrading my wireless network to pure WPA2. It looks like that laptop will be getting replaced soon, thanks for two graduate students from Germany :).

Comments are closed.