WPA Cracked

The Wi-Fi Protected Access (WPA) standard is more secure than the Wired Equivalent Privacy (WEP) standard it replaced, but not as secure as the latest technology, WPA2, which implements the full IEEE 802.11i specification.

The WPA vulnerability and proof-of-concept tool published by German researchers in mid-November is not yet a major threat, but could soon be exploited successfully.

The vulnerability can be used only against wireless networks using standard WPA encryption with quality of service (QoS) functionality turned on.

Hackers can use the QoS channels to bypass the basic security controls built into standard WPA and pose as a legitimate access point in the network.

This will not allow hackers to steal information as data is still encrypted, but it could enable denial of service (DoS) attacks to block access to the network.

In the longer term, however, the vulnerability is likely to be exploited, said Ken Munro, director of the penetration testing division of NCC Group.

"When a vulnerability like this is announced, it usually does not take long before someone works out a way of doing something with it," he said.

This is the first weakness to be identified in WPA and has been proven to work, so business should take heed, said Wade Williamson, director of product management at wireless security firm AirMagnet.

Until now, said Williamson, WPA was considered to be invulnerable, but that is no longer true and business needs to take a different approach to wireless security.

"We need to take all the lessons learned in the wired networking world and apply defence-in-depth to wireless networks," he said.

According to Williamson this means switching to the stronger Advanced Encryption Standard (AES) used in WPA2 and installing wireless intrusion detection systems.

"It is no longer good enough to secure wireless access points, businesses need to know what devices and users are talking over the network," he said.

Munro said with more than half of wireless networks in the UK using older technology that is incompatible with WPA2, many companies face costly upgrades.

In the meantime, he said, businesses using WPA can reduce risk from the new vulnerability by turning off QoS functionality.
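As an added example (not part of the original article), the following check flags access point configurations that combine standard WPA encryption with QoS, and separates them from those already mitigated or moved to AES. It assumes hostapd-style key names (wpa, wpa_pairwise, rsn_pairwise, wmm_enabled), treats an unset cipher as TKIP and an unset wmm_enabled as off, and runs on constructed sample configurations.

```python
# Added example: audit hostapd-style settings for WPA (TKIP) combined with QoS.
# Assumptions: hostapd key names; unset cipher means TKIP; unset wmm_enabled means off.

def parse_conf(text):
    """Return key=value settings, skipping blank lines and # comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf


def audit(text):
    """Return a list of finding codes for one access point configuration."""
    conf = parse_conf(text)
    wpa = int(conf.get("wpa", "0"))  # bit 0 = WPA, bit 1 = WPA2
    if wpa == 0:
        return ["NO_ENCRYPTION"]
    wpa_pairwise = conf.get("wpa_pairwise", "TKIP").split()
    rsn_pairwise = conf.get("rsn_pairwise", " ".join(wpa_pairwise)).split()
    ciphers = set()
    if wpa & 1:
        ciphers.update(wpa_pairwise)
    if wpa & 2:
        ciphers.update(rsn_pairwise)
    if "TKIP" not in ciphers:
        return []  # AES (CCMP) only: nothing to report
    qos_on = conf.get("wmm_enabled", "0") == "1"
    # QoS on is the exposed case; QoS off is the interim mitigation.
    return ["TKIP_WITH_QOS"] if qos_on else ["TKIP_NO_QOS"]


# Constructed sample configurations (not taken from any real network).
SAMPLES = {
    "legacy": "ssid=office\nwpa=1\nwpa_pairwise=TKIP\nwmm_enabled=1\n",
    "mitigated": "ssid=office\nwpa=1\nwpa_pairwise=TKIP\nwmm_enabled=0\n",
    "mixed": "wpa=3\nwpa_pairwise=TKIP CCMP\nrsn_pairwise=CCMP\nwmm_enabled=1\n",
    "hardened": "# WPA2 with AES\nwpa=2\nrsn_pairwise=CCMP\nwmm_enabled=1\n",
    "open": "ssid=guest\n",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(f"{name}: {audit(text) or 'ok'}")
```

A TKIP_NO_QOS result means the interim mitigation is in place but the network still relies on standard WPA encryption rather than AES.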

"The bigger problem at the moment is the failure of business to encrypt data on wireless networks. WPA encryption is better than no encryption at all," he said.
