WPA Vulnerability Bad, but Not Catastrophic, News


There is a truism that no form of security is unbreakable. The basic idea is that if humans devised it, humans given enough time and enough CPUs can defeat it.


Still, it's an unwelcome surprise when it actually occurs. That's the thought that had to cross many minds as the news spread that two researchers had found a way to partially circumvent one form of Wi-Fi Protected (WPA).


WPA is the Wi-Fi security protocol that was rushed through development when it became apparent that the original security protocol, the awkwardly named Wired Equivalent Privacy (WEP) protocol, is child's play for a hacker.


The good news is that the core of WPA has not been broken. Not that what has happened is considered a positive development. Researchers Erik Tews and Martin Beck will use this week's PacSec Conference in Tokyo to describe their work, which is a sort of end-around that makes one form of WPA vulnerabile.


eWeek does a good job of explaining what the duo did. The description, which is extremely technical and best passed on to the IT staff, makes two points that should make everyone feel a bit better. One is that the attack only confronts the temporal key integrity protocol (TKIP). The writer explains that TKIP is part of an interim standard between WEP and full WPA. Tews and Beck's work involves this interim standard, which is known as WEP2. Those using WPA are safe.


The other piece of good news is that the hack doesn't allow the theft of data. It does, however, enable the hacker to pose as a legitimate access point and inject small amounts of potentially dangerous data into the data stream.


The Tech Herald references but doesn't link to an Ars Technica piece that is as highly technical as the eWeek piece. This posting, however, has the benefit of being a bit shorter and simpler: Systems that use the Advanced Encryption Standard (AES) encryption have nothing to worry about. Even those that still employ TKIP are safe if they use a robust network key. A good overview of Wi-Fi, its disparate parts and various ways to protect it, is available at About Online Tips.


It seems that people and companies are becoming more security conscious even as they delve more deeply into wireless infrastructures. Internetnews.com reports a lot of numbers amassed by EMC about the situation in New York, Long and Paris. The firm found that the number of wireless access points (APs) in New York City increased 45 percent between this year and last, while the number in Paris grew 543 percent. The story doesn't give percentage growth for London, but the city has the most APs, with 12,276.


The security story is good: RSA found that 97 percent of corporate APs in New York are encrypted (a 21 percent increase compared to last year), 94 percent in Paris, and 80 percent in London. Ninety-seven percent of home APs in the Big Apple are encrypted, 98 percent in Paris, and more than 90 percent in London. More than 70 percent of homes and businesses in Paris use WPA or WPA2, about half in New York City, and 48 percent of both business and non-business APs in London.


It doesn't seem that this particular exploit is particularly dangerous. Indeed, at least one company AirTight has already announced an upgrade to its SpectraGuard product to protect against the problem. The work of white hats Tews and Beck may have done the industry a favor by alerting experts to this type of of vulnerability, thus allowing protections to be developed against more serious intiatives.