Time to Switch over to WPA2


Just when you thought WPA was the perfect solution for your company's wireless network comes news of game-changing research. It appears that two researchers from the Technical University of Darmstadt in Germany have managed to exploit a weakness in the Temporal Key Integrity Protocol (TKIP) used by the Wi-Fi Protected Access (WPA) encryption standard. The duo used a number of clever tricks and a revolutionary mathematical method to correctly decrypt a very limited number of TKIP-protected data packets. Additional information will probably come to the fore at the researchers' scheduled presentation at the PacSec conference in Tokyo later this week. Because of the extremely limited data that can be uncovered, WPA is still not considered to be "compromised" at this point; you can read more about the mechanics of the hack here.


In addition, there are a number of technical tweaks that you can make to reduce the chances of an attack succeeding against a WPA-based wireless network. Indeed, simply switching to AES instead of TKIP will result in immunity against this new vector. The initial feedback from security analysts is that this attack vector is probably something that can be fixed with new drivers.


However, the worrying aspect has to be the fact that limited packet injection is now possible on vulnerable systems. The surreptitious insertion of such data packets could potentially result in the installation and execution of exploit tools, which in turn could allow hackers to gain access to computers connected to the wireless network.


So assuming your hardware already supports WPA2, now would be as good a time as any to switch over to that. Organizations considering a wireless setup will also probably want to start from the get-go with wireless base stations that support WPA2.
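
A check for the two recommendations above (AES instead of TKIP, and WPA2), written as an added example rather than code from the original post. It assumes the access point is configured through hostapd, which the post does not mention, and relies on hostapd's `wpa`, `wpa_pairwise` and `rsn_pairwise` settings with their documented defaults; the sample configurations are constructed.

```python
def parse_conf(text):
    """Parse hostapd-style key=value lines, skipping blanks and # comments."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        conf[key.strip()] = value.strip()
    return conf


def audit(text):
    """Return the reasons a configuration still exposes TKIP or WPA (v1)."""
    conf = parse_conf(text)
    # Bitfield: 1 = WPA, 2 = WPA2 (RSN). wpa=0 (no WPA at all) is out of scope.
    mode = int(conf.get("wpa", "0"))
    # Assumed hostapd defaults: wpa_pairwise is TKIP when unset, and
    # rsn_pairwise inherits wpa_pairwise when unset.
    wpa_pairwise = conf.get("wpa_pairwise", "TKIP").upper().split()
    rsn_pairwise = conf.get("rsn_pairwise", " ".join(wpa_pairwise)).upper().split()
    findings = []
    if mode & 1:
        findings.append("WPA (v1) enabled; move to WPA2")
        if "TKIP" in wpa_pairwise:
            findings.append("TKIP offered as WPA pairwise cipher")
    if mode & 2 and "TKIP" in rsn_pairwise:
        findings.append("TKIP offered as WPA2 pairwise cipher")
    return findings


# Constructed sample configurations (not taken from any real deployment).
SAMPLES = {
    "wpa-tkip": "wpa=1\nwpa_key_mgmt=WPA-PSK\nwpa_pairwise=TKIP\n",
    "mixed-mode": "wpa=3\nwpa_pairwise=TKIP CCMP\n",
    "wpa2-default-cipher": "wpa=2\nwpa_key_mgmt=WPA-PSK\n",
    "wpa2-ccmp": "# hardened\nwpa=2\nwpa_key_mgmt=WPA-PSK\nrsn_pairwise=CCMP\n",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        issues = audit(text)
        print(f"{name}: {'OK' if not issues else '; '.join(issues)}")
```

The `wpa2-default-cipher` sample is the case worth noticing: enabling WPA2 without naming a pairwise cipher can still leave TKIP on offer under the assumed defaults.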


I'm sure more practical recommendations and tips will surface once other security researchers have time to delve into this new vulnerability. I'll be sure to get back to you when that happens.