updated 01:15 pm EST, Thu November 6, 2008
WPA Wi-Fi partially hacked
The Wi-Fi Protected Access (WPA) encryption standard has been partially cracked by security researchers Erik Tews and Martin Beck, according to a Thursday report. The pair will demonstrate and discuss their accomplishment at the PacSec conference in Tokyo next week. The attack allows the hacker to read data sent from the router to a laptop computer and send inaccurate information to connected clients. Beck has reportedly found a way to break the crack the Temporal Key Integrity Protocol (TKIP) key used by the WPA standard in about less than 15 minutes, which is the shortest amount of time such an attack can be performed to date.
The researchers could not crack the encryption keys to secure data that goes from the PC to the router.
TKIP has previously been cracked using a 'dictionary' attack that involves using large computer resources to guess at the key. Tews and Beck, however, do not use this type of attack, but instead make the WPA router send large amounts of data and, combined with what they call a mathematical breakthrough, they can crack the key much more quickly than previously believed.
The WPA2 wireless standard is nonetheless considered safe by the pair of researchers. The old WEP standard has been publicly cracked in a high-profile TJ Maxx store chain and is often considered too weak for particularly sensitive networks. More research work is expected from the researchers in the future. Currently, WPA is widely used by enterprise customers, with the new method leaving them susceptible to data hacking and loss.