According to PC World the days of securing your WIFI network using Wi-Fi Protected Access (WPA) may be over, as researcher Erik Tews will show how he was able to crack WPA encryption in around 15 minutes at a the Tokyo PacSec Conference in two weeks time.WPA was designed to overcome the insecurities in hacked Wired Equivalent Privacy (WEP) which can be hacked in a few minutes using a modern laptop.
Erik Tews will be demonstrating how he cracked the WPA encryption to read the data being sent from a router to a laptop.
To read the data being sent Tews found a way to crack the Temporal Key Integrity Protocol (TKIP) key without resorting to using a dictionary attack which, security experts have agreed that the protocol might be vulnerable too.
Although this is a big step Tews was still unable to crack the keys used to encrypt the data being sent back to the router from the laptop.
If the demonstration lives up to its headline then the days of WPA look to be numbered. This would come as a big blow to both consumers and corporations alike.
WPA is the most common standard of encryption in uses but, there is also a newer more secure standard WPA2, (which uses Advanced Encryption Standard (AES) and is unaffected), although support is still patchy. Consumer may find they are forced to still rely on the now unsecure WPA encryption to connect their devices to the network.
For Business this is even bigger headache. The TJ Maxx chain had hundreds of millions of customer details stolen due in part to the fact that they were still using the cracked WEP standard. It’s easy to see a situation where hackers may try to do the same using WPA forcing corporate users to VPN or WPA2 dumping devices that can’t support these protocols.
Use a generic SSID and you're boned.
USe a crappy passkey and you're boned.
Combine the two, and you're pretty secure.
I believe a certain function of security uses the SSID as a salt, to encrypt transmission.
Even though your all saying you use WPA2, in reality a lot of non tech people leave it as default. BTHomeHub's are the UK's most used router (in conjunction with BT) and these come with WEP encryption by default, and even the algorithm the factory uses to create the keys has been cracked long long ago. So by getting the BSSID and the ESSID you have a list of possible keys.
Either way, In my immediate area there's at least 4-5 WEP routers. So I think if WPA get's into the same rut as WEP then this is going to be a problem.
First thing I did with my 1st gen HomeHub was alter the encryption settings, even though I don't have a single wireless device.
First thing I did with my 1st gen HomeHub was alter the encryption settings, even though I don't have a single wireless device.
Best just turn it off.
Of course, it's not really a user-friendly alternative to the crap you see on shelves.
Unless someone taps into my mains & cracks the secuirty on that network, I'm more secure than wireless would be.
One of the 2 reasons I dont have a PSP.
Oh and good luck getting past my Astaro.
Commenting has either been disabled on this article or you are not logged in. Click here to login or register, its free!
Note: Anonymous commenting is disabled in order to keep the quality of responses to a high standard.