Has WPA Finally Been Cracked?

Two security researchers working together have partially cracked Wi-Fi Protected Access (WPA), a wireless encryption technology that had been considered secure. Details are to be unveiled at the PacSec conference in Tokyo next week.

The breach is significant, since WPA has been touted as a secure replacement for WEP, which itself had been breached by German researchers back in April 2007.

The researchers, Erik Tews and Martin Beck, were able to break the Temporal Key Integrity Protocol (TKIP) in less than 15 minutes by fooling a WPA router into sending them enough packets to crack the encryption key. TKIP is used by WPA for part of the encryption process.

They didn't use a dictionary attack, where heavy computing power is used to guess at keys, a type of attack of which TKIP is susceptible.

The researchers still haven't been able to decrypt data that goes from the PC to the router, so they haven't completely broken in the castle yet.

Wireless users could upgrade their access points and routers to WPA2, the next generation of WPA, which can't be hacked yet by the TKIP compromise. But that may not be easy for the many enterprises who have adopted WPA to replace leaky WEP encryption.