It now appears as though the widely adopted wireless connection protocol of WPA is no longer secure. Researchers have found a way to compromise the wireless security protocol of WPA in a matter of a few minutes. The protocol has been adopted by a number of organizations and companies, which could be forced to change their wireless implementations. The news comes from to us from PC World.
Tews and his co-researcher Martin Beck found a way to break the Temporal Key Integrity Protocol (TKIP) key, used by WPA, in a relatively short amount of time: 12 to 15 minutes.
Next week at a Tokyo conference, both Tews and Beck will show an audience how they are able to crack the encryption.
In a previous post, I mentioned the use of WPA and asked that we all stay away from WEP (as it was insecure) and still stand by that statement. What we really need to think about, is using WPA with AES encryption instead of TKIP. The use of AES has not been compromised and is still considered to be safe.
Should You Be Worried?
Although it is a fairly new discovery, cracking tool kits have been updated with the necessary code to exploit the vulnerability. If someone is out there trying to get onto your wireless network and cracking your encryption, they probably are already aware of the new vulnerability and have the latest tools to do so. Anybody can be a target, and there are some easy things you can do to protect yourself.
Make Sure You Are Not At Risk
If you have a fairly new router (as far back as 2005 in some cases), you can simply choose to use AES encryption with WPA — or switch from WPA to WPA2 (which has not been compromised). If you only have WEP as an option, then you should consider using a very long password for your wireless connection — one with random letters, symbols and numbers. The longer and more complex the password, the more secure. Go to grc.com/passwords to generate a secure password.