Reports: WPA Wi-Fi encryption cracked

Filed Under: Data loss

Wi-fi hazard

Researchers are claiming that they have found a way to partially crack the encryption used on WPA wireless communications.

According to a media reports, Erik Tews and Martin Beck claim that they have found a way to unlock the Temporal Key Integrity Protocol (TKIP) key, used by WPA, to read data sent from a wireless router to laptop computers. According to the researchers, the key can be cracked in 12-15 minutes.

Many companies and home users currently use the WPA (Wi-Fi Protected Access) encryption protocol to prevent criminals from sniffing confidential information out of the air which could be used for the purposes of identity theft.

It has long been known that WEP, an earlier encryption standard, was easily breached and many individuals and firms who use wireless have been encouraged to make the switch to a more secure system such as WPA or WPA2.

Indeed, just last month I reported on how the Payment Card Industry (PCI) Security Standards Council was telling retailers that they must use better encryption like WPA or WPA2 to protect credit card and other identity information following a spate of embarrassing data breaches.

Fortunately, so far the researchers say they have not been able to find a way to intercept communications sent from wireless laptops to the router - only data sent in the other direction. Nevertheless, there will be many eyes turned to next week's PacSec conference in Tokyo where Tews says he will demonstrate the attack against WPA.

Depending on what is revealed, some companies may need to look again at their Wi-Fi security and adopt a higher level of encryption. WPA2 has not suffered from any cracks so far - maybe everyone should switch to that?

, , , ,

You might like

About the author

Graham Cluley is an award-winning security blogger, and veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.