Researchers are claiming that they have found a way to partially crack the encryption used on WPA wireless communications.
According to a media reports, Erik Tews and Martin Beck claim that they have found a way to unlock the Temporal Key Integrity Protocol (TKIP) key, used by WPA, to read data sent from a wireless router to laptop computers. According to the researchers, the key can be cracked in 12-15 minutes.
Many companies and home users currently use the WPA (Wi-Fi Protected Access) encryption protocol to prevent criminals from sniffing confidential information out of the air which could be used for the purposes of identity theft.
It has long been known that WEP, an earlier encryption standard, was easily breached and many individuals and firms who use wireless have been encouraged to make the switch to a more secure system such as WPA or WPA2.
Indeed, just last month I reported on how the Payment Card Industry (PCI) Security Standards Council was telling retailers that they must use better encryption like WPA or WPA2 to protect credit card and other identity information following a spate of embarrassing data breaches.
Fortunately, so far the researchers say they have not been able to find a way to intercept communications sent from wireless laptops to the router – only data sent in the other direction. Nevertheless, there will be many eyes turned to next week’s PacSec conference in Tokyo where Tews says he will demonstrate the attack against WPA.
Depending on what is revealed, some companies may need to look again at their Wi-Fi security and adopt a higher level of encryption. WPA2 has not suffered from any cracks so far – maybe everyone should switch to that?