Next week at the PacSec Conference in Tokyo, security researcher Erik Tews is expected to put on quite a show. Tews will be showcasing what he describes as the first practical attack on the widely used WPA Wi-Fi security protocol. Tews’ attack, discovered during testing performed with his co-researcher Martin Beck, tricks the router into sending him a large amount of data and combined with a “mathematical breakthrough,” Tews is able to break WPA much faster than any previously tested method. In fact, it reportedly takes between 12 and 15 minutes to execute. The attacker is then able to access data passed from the router to the laptop and even transmit data to a client computer connected to the router. Tews will be publishing his work in an upcoming academic journal and parts of his code have already been implemented in his partner Beck’s publicly available Wi-Fi encryption hacking tool. Great. So it looks like WPA is well on its way to becoming the new WEP – perfect for keeping your neighbor’s 12-year old daughter off your network but pretty useless beyond that.
Wi-Fi is no longer a secure form of wireless communication, so says Global Secure Systems. According to their report, a Russian firm has harnessed the GPU processing power of the latest NVIDIA graphics card to accelerate Wi-Fi password recovery times by 10,000 percent. David Hobson, managing director at GSS elaborates by saying,
“Brute force decryption of the WPA and WPA2 systems using parallel processing has been on the theoretical possibilities horizon for some time – and presumably employed by relevant government agencies in extreme situations – but the use of the latest NVidia cards to speedup decryption on a standard PC is extremely worrying.”
The article unfortunately lacks some key details about the configuration of the WPA/WPA2 encryption that was hacked and the length of time it took for the encryption to be broken; leaving us a little in the dark about the extent of this threat. Nonetheless, individuals and companies that rely on wireless networking may want to follow this report to see if it is confirmed or debunked. Wouldn’t want you to bury your head in the sand and sit complacent while your neighbor’s kid with his uber-gaming rig hacks into your Wi-Fi network and steals Sarah Palin’s email. That could land you up to 5 years in jail. D’oh!