Posted: 11th Nov, 2008 By: MarkJ
Wi-Fi Protected Access (WPA) is widely regarded as one of the strongest security protocols (encryption) you can use to protect a wireless (IEEE 802.11) network, short of WPA2 of course. However, two German researchers have challenged that status by demonstrating the first known "practical attack" against a WPA-secured network.
Total 100% security has always been a myth, and even WPA can be cracked with an old-fashioned brute-force style dictionary attack, which attempts to access a network by trying large numbers of candidate passwords in turn. However, a long password made up of random numbers and letters would usually make a WPA network nearly impossible to break this way.
Sadly the new method, as detailed in THIS REPORT (.PDF), would appear to put WPA's status as a secure solution for wireless networking at risk:
The first attack is an improved key recovery attack on WEP, which reduces the average number of packets an attacker has to intercept to recover the secret key.
The second attack is (according to our knowledge) the first practical attack on WPA secured wireless networks, besides launching a dictionary attack when a weak pre-shared key (PSK) is used.
The attack works if the network is using TKIP to encrypt the traffic. An attacker who has about 12-15 minutes access to the network is then able to decrypt an ARP request or response and send 7 packets with custom content to the network.
However, the attack itself is not without weaknesses: it is a somewhat slow process to complete. Martin Beck and Erik Tews, the researchers who uncovered WPA's flaw, also note that the problem could be fixed by vendors with a software/firmware update.
Meanwhile it's still recommended to use a long and complicated password for your wireless network and to switch to WPA2 where possible.
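To make the two recommendations above concrete, here is an added example (not part of the original post, nor code from the researchers) that audits a hostapd-style access-point configuration for exactly the weaknesses this article describes: WPA version 1 and TKIP enabled (the conditions the Beck-Tews attack needs) and a short or dictionary-word pre-shared key (what a dictionary attack needs). The hostapd.conf option names (wpa, wpa_pairwise, rsn_pairwise, wpa_key_mgmt, wpa_passphrase) are real hostapd options; the two sample configurations, the tiny word list and the 80-bit threshold are constructed for illustration.

```python
"""Audit a hostapd-style WPA configuration for TKIP/WPA1 and weak PSKs.

Added example, not from the original post. The hostapd.conf keys used
(wpa, wpa_pairwise, rsn_pairwise, wpa_key_mgmt, wpa_passphrase) are real
hostapd options; the sample configurations below are constructed.
"""
import math
import string

# Constructed sample: WPA (version 1) with TKIP and a dictionary-word
# passphrase, i.e. exposed to both attacks discussed in the post.
WEAK_CONF = """\
interface=wlan0
ssid=HomeNet
wpa=1
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
wpa_passphrase=sunshine
"""

# Constructed sample: WPA2 only, CCMP (AES) only, long random passphrase.
HARDENED_CONF = """\
interface=wlan0
ssid=HomeNet
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
wpa_passphrase=q7Vd2mXz9LpR4wKt8NbY3sHg
"""

# Tiny constructed word list standing in for a real dictionary-attack list.
COMMON_WORDS = {"password", "sunshine", "letmein", "qwerty", "12345678"}


def parse_conf(text):
    """Parse key=value lines, ignoring blank lines and '#' comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition("=")
        conf[key.strip()] = value.strip()
    return conf


def passphrase_bits(passphrase):
    """Approximate entropy in bits, assuming each character was drawn
    uniformly from the character classes the passphrase actually uses.
    A word from the list scores 0: its strength is bounded by the word
    list, not by its length."""
    if passphrase.lower() in COMMON_WORDS:
        return 0.0
    classes = [string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation]
    alphabet = sum(len(c) for c in classes if any(ch in c for ch in passphrase))
    return len(passphrase) * math.log2(alphabet) if alphabet else 0.0


def audit(text):
    """Return a list of findings (empty when nothing is flagged)."""
    conf = parse_conf(text)
    findings = []
    wpa = conf.get("wpa", "0")
    # wpa=1 is WPA only, wpa=3 is WPA+WPA2 mixed; both keep the TKIP path open.
    if wpa in ("1", "3"):
        findings.append("WPA (version 1) enabled; move to WPA2 only (wpa=2)")
    # wpa_pairwise lists WPA ciphers, rsn_pairwise lists WPA2 ciphers.
    for key in ("wpa_pairwise", "rsn_pairwise"):
        if "TKIP" in conf.get(key, "").upper().split():
            findings.append(f"{key} allows TKIP, the cipher the attack requires; use CCMP only")
    psk = conf.get("wpa_passphrase", "")
    bits = passphrase_bits(psk)
    if len(psk) < 8:  # hostapd rejects passphrases shorter than 8 characters
        findings.append("passphrase shorter than 8 characters (invalid for WPA-PSK)")
    elif bits < 80:   # constructed threshold for 'long and complicated'
        findings.append(f"passphrase has only ~{bits:.0f} bits of entropy; use a long random one")
    return findings


if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit(conf) or ["no findings"])
```

Running the script reports three findings for the weak configuration (WPA1, TKIP, dictionary passphrase) and none for the hardened one. The entropy estimate is deliberately simple: it only distinguishes a dictionary word (which a word list defeats regardless of length) from a genuinely random string, which is the distinction the article draws.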