Attack cracks Wi-Fi crypto in a minute

Users who have been slow to upgrade are being urged to drop WPA with TKIP as a secure method of protection for their routers
Written by Andrew Nusca, Contributor

Computer scientists in Japan have developed a way to break the WPA (Wi-Fi Protected Access) encryption system used in wireless routers in just one minute.

The attack, which reads encrypted traffic sent between computers and certain types of routers that use the WPA encryption system, was devised by Toshihiro Ohigashi of Hiroshima University and Masakatu Morii of Kobe University.

The scientists plan to discuss further details at a technical conference on 25 September in Hiroshima.

Security researchers first showed how WPA could be broken last November, but the researchers have accelerated theory into practice, taking the proven 15-minute Becks-Tews method developed by researchers Martin Beck and Erik Tews, and speeding it up to just 60 seconds.

Both attacks work only on WPA systems that use the Temporal Key Integrity Protocol (TKIP) algorithm. They do not work on newer WPA 2 devices or on WPA systems that use the stronger Advanced Encryption Standard, or AES, algorithm.

According to their report, the limits of the man-in-the-middle attack are fairly restrictive. However, the development should spark users to drop WPA with TKIP as a secure method of protection.

The process of securing routers has been a long one. The WEP (Wired Equivalent Privacy) system introduced in 1997 is now considered to be insecure by security experts. Then came WPA with TKIP, followed by WPA 2.

However, users have been slow to upgrade to the latest secure methods.

Editorial standards