Wi-Fi Protected Access (WPA) Cracked

Summary:Just when I thought that WiFi (802.11b/g) networks were getting safer, I get an email from a friend indicating that Wi-Fi Protected Access (WPA) has been cracked.

Just when I thought that WiFi (802.11b/g) networks were getting safer, I get an email from a friend indicating that Wi-Fi Protected Access (WPA) has been cracked. InformIt.com has posted the details:

In this two-part series, Seth Fogie examines the internals of WPA and demonstrates how this wireless protection method can be cracked with only four packets of data. Part 1 outlines the details of WPA as compared to WEP and builds the foundation for Part 2, in which he describes in detail how WPA-PSK can be cracked.

The crack uses an application called coWPAtty:

coWPAtty is a brute-force cracking tool, which means that it systematically attempts to crack the WPA-PSK by testing numerous passwords, in order, one at a time.

Luckily Apple supports WPA2 on all AirPort Extreme-enabled Macs, the AirPort Extreme Base Station and the AirPort Express. In order to use WPA2 you must install the Airport firmware update (AirPort 4.2) released July 14, 2005.

If you're using an Apple Airport access point use WPA2 encryption. WPA2 uses AES encryption (Advanced Encryption Standard). If you have an older access point use WPA and as last resort use WEP. Make sure you chose passwords that are mixed case, long and will hold up to a dictionary attack. You should also chose the highest available encryption option (232 ->104 -> 40). For more on securing your WiFi network read this article from the WiFi Alliance.

What's on your network? 

Topics: Wi-Fi

About

Jason D. O'Grady developed an affinity for Apple computers after using the original Lisa, and this affinity turned into a bona-fide obsession when he got the original 128 KB Macintosh in 1984. He started writing one of the first Web sites about Apple (O'Grady's PowerPage) in 1995 and is considered to be one of the fathers of blogging.... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.