WPA is the new WEP, and by that we mean useless

Next week at the PacSec Conference in Tokyo, security researcher Erik Tews is expected to put on quite a show. Tews will be showcasing what he describes as the first practical attack on the widely used WPA Wi-Fi security protocol. Tews’ attack, discovered during testing performed with his co-researcher Martin Beck, tricks the router into sending him a large amount of data and combined with a “mathematical breakthrough,” Tews is able to break WPA much faster than any previously tested method. In fact, it reportedly takes between 12 and 15 minutes to execute. The attacker is then able to access data passed from the router to the laptop and even transmit data to a client computer connected to the router. Tews will be publishing his work in an upcoming academic journal and parts of his code have already been implemented in his partner Beck’s publicly available Wi-Fi encryption hacking tool. Great. So it looks like WPA is well on its way to becoming the new WEP – perfect for keeping your neighbor’s 12-year old daughter off your network but pretty useless beyond that.

Read

blog comments powered by Disqus