This is second Guest Article featured on the blog. The article is a brief look at why WPA encryption in wi-fi networks is not secure any longer. Our guest blogger this week is Maya Richard. She describes how brute force attacks can be used against captured packets which have been encrypted with WPA encryption. These attacks have become increasingly practical through the use of graphics hardware which is well-suited to brute force cracking.
Why WPA is no longer secure
Created by the Wi-Fi industry Alliance to help secure wireless networks, WPA (Wifi Protected Access) is now vulnerable to a recently discovered flaw. In particular, the packets distributed over the
network are now vulnerable to injection and spoofing, making the protocol no longer secure for sensitive use.
The vulnerability came to light when software consultants utilized advanced hardware to decrypt the protocol using brute force password guessing attempts. While experts have known about these potential vulnerabilities, many believed that the theoretical weakness could not be reasonably exploited with standard computing power. However, the firm that decrypted the packets relied upon commercially available Nvidia acceleration chips, which further calls into question the long-term security of the protocol as we transition into next generation technologies such as WiMax.
Example of current generation nVidia graphics cards
As a result of the breach, a number of companies are rushing to implement a further layer of VPN encryption. Security researchers were able to duplicate the method used in the initial breach, which has heretofore solely been considered a theoretical threat. The researchers, at Darmstadt University, were able to utilize brute force to crack a secure WiFi network within minutes. This sheds light on the
methods criminals have been used to steal credit card data distributed over wireless networks.
While security experts believed that the protocol would be a replacement for the less secure Wired Equivalent Privacy Protocol (WEP), experts point out that WPA merely adapted encryption techniques from the previous technology due to hardware limitations. Since 2006, most wireless devices are built on the WPA2 standard, which experts believe has a much more stable foundation.