Researchers take just a minute to hack router traffic
Japanese researchers have thrown a spanner in the works with the disclosure that the WPA encryption system used for wireless security can be broken in just one minute.
The attack they have formulated against the Wi-Fi Protected Access (WPA) protocol is similar to one known as the Beck-Tews attack, which appeared last year as a means of recovering plain text from an encrypted short packet and, from there, falsifying it.
That took anything up to 15 minutes. But with this latest message falsification attack, which is good for pretty much any WPA implementation, the execution time is cut to about one minute in the best case.
Developed by Toshihiro Ohigashi of Hiroshima University and Masakatu Morii of Kobe University, the attack opens up WPA-encrypted traffic between a computer and a router to interception and reading.
As with the Beck-Tews attack, it is effective against TKIP, the Temporal Key Integrity Protocol security used in 802.11 wireless networking, and not against WPA using AES.
The WPA protocol and related TKIP were created in response to several serious weaknesses found in the previous system, Wired Equivalent Privacy (WEP). But it now appears that TKIP is vulnerable to keystream recovery attacks.
Enterprises can use IT-managed Wi-Fi policies like Active Directory Group Policy Objects to block connections to high-risk free or public Wi-Fi.
They can also use centrally managed host intrusion prevention systems to detect wireless policy violations such as Wi-Fi ad hoc mode operation.
But the latest advice is to change to AES encryption, which can be done through the administrative interface on many WPA routers.
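To check which of your own access points still need that change, the following added example (not part of the original article) parses scan output in the layout printed by the Linux `iw dev <iface> scan` command and lists every network that still advertises TKIP; CCMP is the name scan tools use for the AES-based cipher suite. The sample scan text, BSSIDs, SSIDs and the function name `audit_scan` are constructed for illustration.

```python
import re

# Constructed sample in the layout of `iw dev <iface> scan` (not a real capture).
SAMPLE_SCAN = """\
BSS 02:00:00:00:00:01(on wlan0)
\tSSID: office-legacy
\tWPA:\t * Version: 1
\t\t * Group cipher: TKIP
\t\t * Pairwise ciphers: TKIP
\t\t * Authentication suites: PSK
BSS 02:00:00:00:00:02(on wlan0)
\tSSID: office-mixed
\tRSN:\t * Version: 1
\t\t * Group cipher: TKIP
\t\t * Pairwise ciphers: CCMP TKIP
\t\t * Authentication suites: PSK
BSS 02:00:00:00:00:03(on wlan0)
\tSSID: office-aes
\tRSN:\t * Version: 1
\t\t * Group cipher: CCMP
\t\t * Pairwise ciphers: CCMP
\t\t * Authentication suites: PSK
"""

BSS_RE = re.compile(r"^BSS ([0-9a-f:]{17})", re.I)
SSID_RE = re.compile(r"^\s*SSID: (.*)$")
CIPHER_RE = re.compile(r"\* (Group cipher|Pairwise ciphers): (.+)$")

def audit_scan(text):
    """Return {bssid: {"ssid", "tkip_in"}} for every BSS that still advertises TKIP."""
    networks, current = {}, None
    for line in text.splitlines():
        m = BSS_RE.match(line)
        if m:  # a new access point entry starts here
            current = networks.setdefault(m.group(1).lower(), {"ssid": "", "tkip_in": set()})
            continue
        if current is None:
            continue
        m = SSID_RE.match(line)
        if m:
            current["ssid"] = m.group(1).strip()
            continue
        m = CIPHER_RE.search(line)
        if m and "TKIP" in m.group(2).split():
            current["tkip_in"].add("group" if m.group(1).startswith("Group") else "pairwise")
    return {b: n for b, n in networks.items() if n["tkip_in"]}

if __name__ == "__main__":
    for bssid, net in sorted(audit_scan(SAMPLE_SCAN).items()):
        print(f"{bssid} {net['ssid']!r}: TKIP offered as {', '.join(sorted(net['tkip_in']))} cipher")
```

A mixed-mode network that offers CCMP alongside TKIP is still reported, because clients can negotiate TKIP and the group cipher remains TKIP.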