Learn From The Downfall Of WPA!

Remember the days when we said 128-bit encryption using DES would take tens of thousands of years to brute force crack? Remember when WEP was secure enough for wireless security so long as you rotated the keys every 60 seconds?

Well, neither of those statements is true anymore.

As was widely reported last week, WPA – Wi-Fi Protected Access – was cracked in under 60 seconds by Japanese researchers. The attack requires a computer sitting between the authorised wireless computer and the access point – and exploits a flaw in the Temporal Key Integrity Protocol (TKIP).
Security researchers say WPA devices that use the Advanced Encryption Standard (AES) and WPA2 – the next generation wireless security standard – are “safe for now.”

But experts are recommending upgrading from WPA to WPA2 and from TKIP to AES to eliminate the threat of this new attack.

“Safe for now” is the statement that should concern solution providers and consumers of wireless equipment.

Some years ago, when the previous WEP – Wired Equivalent Privacy – standard was deemed flawed and susceptible to easy cracks, experts advised rotating keys every 60 seconds to maintain secure connections. But the speed with which WPA was cracked is disappointing, since it means fast key rotation will probably not be enough to ensure wireless security.

What this attack proves, more than anything, is that the arms race that is security is alive and well. No sooner do security researchers and vendors devise a new technology to combat digital threats than hackers devise a means of defeating the defences. It’s a practical reality that security pros have lived with from the dawn of the Internet.

But how tolerant will cost-conscious consumers of IT goods and security technologies be, when technologies suddenly and unpredictably become obsolete? How tolerant will they be given the increasing number of hacks using wireless vulnerabilities as an attack vector?

The list of security products and protocols that have fallen into the ash heap of IT history is long and always growing: proxy firewalls, standalone antivirus, network intrusion detection, cyber vaults, Blowfish, DES, SSH-1 and more. Security is a moving target. In time, security measures will always become obsolete, which is why good security practices are about risk mitigation and not elimination.

Larry Walsh eWEEK USA 2014. Ziff Davis Enterprise Inc. All Rights Reserved.
