View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Data Centre
August 28, 2009

Hole punched through Wi-Fi encryption security

Researchers take just a minute to hack router traffic

By CBR Staff Writer

Japanese researchers have thrown a spanner in the works with the disclosure that the WPA encryption system used for wireless security can be broken in just one minute.

The security attack they have formulated for the Wi-Fi Protected Access or WPA protocol is similar to one known as the Beck-Tews attack which appeared last year as a means of recovering plain text from an encrypted short packet, and from there falsifying it. 

That took anything up to 15 minutes. But with this latest message falsification attack, which is good for pretty much any WPA implementation, the execution time is cut to about one minute in the best case.

Developed by Toshihiro Ohigashi of Hiroshima University and Masakatu Morii of Kobe University, the attack opens up for interception and reading WPA encrypted traffic between computer and a router.

As with the Beck-Tews attack, it is effective against TKIP, the Temporal Key Integrity Protocol security  used in 802.11 wireless networking, and not against WPA using AES.

The WPA protocol and related TKIP were created in response to several serious weaknesses found in the previous system, Wired Equivalent Privacy (WEP). But it now appears that TKIP is vulnerable to keystream recovery attacks.

Content from our partners
Unlocking growth through hybrid cloud: 5 key takeaways
How businesses can safeguard themselves on the cyber frontline
How hackers’ tactics are evolving in an increasingly complex landscape

Enterprises can use IT-managed Wi-Fi policies like Active Directory Group Policy Objects to block connections to high-risk free or public WiFi.

They can also use centrally managed host intrusion prevention systems to detect wireless policy violations such as Wi-Fi ad hoc mode operation. 

But the latest advice is to change to AES encryption using the administrative interface on many WPA routers.

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.