Researchers Crack WPA Security for Wireless Networks

Two researchers have opened a new can of worms that could let hackers wreak havoc on network managers. Erik Tews and Martin Beck say they have found a way to crack the widely used Wireless Protection Access (WPA), a standard supported by the Wi-Fi Alliance and currently used to secure wireless computer networks. The researchers say they have specifically cracked the Temporal Key Integrated Protocol (a set of algorithms used by WPA), a feat that had been considered nearly impossible.

"We were able to write up both attacks about one month ago in a research paper we submitted to WISEC 2009, which is currently under review," said Tews in an e-mail interview with us from Germany. "Very experimental implementations of these attacks are ready and available in the aircrack-ng public SVN server."

The duo took only 12 to 15 minutes to complete their feat and will share their findings at the PacSec conference in Tokyo next week. PacSec presenters focus on technical security details as they relate to current issues and best practices in information security. Their findings are shared with a multinational group of security professionals.

"We will demonstrate two attacks; one of them is a little improvement in WEP key recovery, the other one is on WPA," Tews said.