Alarming news. If you thought Wi-Fi vulnerability was from the realm of the discarded WEP, a group of well-regarded German researchers claims to have cracked its encryption replacement, WPA, in minutes. But how?
The group, which will present its findings at Japan's PacSec conference next week, is reported to have "broken" TKIP pre-shared keys in minutes using methods other than a dictionary hack (which can anyway be defended against with password complexity). The same researchers previously demolished WEP for sport.
Naturally, they don't reveal how they engineered the crack, but it's likely from the few details on offer that it's could be a flaw in the RC4 stream cipher element used in WPA TKIP. The giveaways are the reference in reports to needing large amounts of data from the router, and the fact that the crack exploits unknown mathematical weakness in WPA.
None of this is entirely surprising. WPA is basically WEP on steroids, sharing as it does the same RC4 cipher used by WEP, but adding mathematical innovations such as a 128-bit key length and changing keys for every packet (WEP encodes all using only one pre-shared key). As with WEP, there is also the pre-shared key to take into account.
In principle, the key length issue is tough but not science fiction, while the assumption is that the researchers have also found a way of reverse engineering some or all of the packet encryption from the pattern of their encoding. Nevertheless, if true, this is still an impressive coup not far removed in encryption terms from Obama coming from nowhere to become the US's 44th President.
Companies should be using WPA2 anyway, a protocol very different in its inner workings to WPA thanks to its use of the cryptographically-strong AES algorithm and RADIUS server authentication of endpoints. TKIP/WPA is supposed to be for consumer use, and hardware lacking WPA2 drivers, not that this will have stopped large numbers of smaller businesses from using it.
I doubt this is a fundamental enough crack to make WPA/TKIP look like WEP overnight, but it should put businesses on their guard if they have any WPA in their networks. The researchers are getting closer to'WEPping' WPA.
Of course, there is a full-proof defence against this type of hack that costs pennies - use a network cable.