It’s possible to crack the wireless WPA-2 encryption that is the standard of reasonable security for wireless LANs in both homes and businesses, according to research published today.
It is possible to crack WPA-2 by a direct, brute-force attack, but takes a considerable investment of time or a lot of compute power, according to a previous study by Cologne, Germany-based security researcher Thomas Roth, who did it in 20 minutes by running a custom script on a cluster of GPU instances within Amazon, Inc.’s EC2 cloud service.
The level of security provided by WPA-2, which uses pre-shared keys to encrypt traffic between a wireless access point and client using TKIP or CCMP, is high enough to make it the most widely recommended way to secure wireless clients. WEP, the previous standard, was cracked as early as 2001 and completely broken by 2007, leading most vendors and security experts to settle on WPA-2 as the only practical, reasonably secure protocol that was widely available.
There are plenty of online guides to cracking WPA-2 with brute-force or dictionary attacks. Lacking anything better, however, most experts recommend the level of security WPA-2 provides as reasonable, if the password is long enough to keep brute-force attackers working longer than most would bother.
WPA-2’s weakness isn’t the sign-in, however, according to a study published March 13 in the International Journal of Information and Computer Security.
The real weakness is the de-authentication process in which routers periodically sign a client device off in order to force it to reconnect and re-authenticate with a new key, according to researchers Achilleas Tsitroulis, Dimitris Lampoudis and Emmanuel Tsekleves. During that process, the router leaves the old session open long enough for a determined intruder with a fast wireless scanner to gain access.
There are published descriptions of ways to attack WPA-2 during de-authentication as well, but none has demonstrated the unsecured “backdoor” that leaves the WPA-2 security protocol “fully exposed by malicious attacks.” Restricting access to specific MAC addresses can stop that approach, the authors note, except against attacks using spoofed MAC addresses. Since there is no better alternative available to most users, however, MAC-address filtering and very long passwords are the best bet for the time being, they wrote.
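A defender-side check that follows from the de-authentication weakness described above, added here as an example and not taken from the article or the cited paper: a monitoring script that flags a source sending a burst of deauthentication frames, which is the signature of an attacker forcing clients to reconnect. It assumes management frames have already been exported from a capture tool as simple records (the field names and the sample frames are constructed for this example).

```python
"""Flag 802.11 deauthentication floods in a stream of frame records.

Added example, not code from the article or the cited paper. Each record is a
constructed dict with the fields a capture tool might export per frame.
"""
from collections import defaultdict, deque

BROADCAST = "ff:ff:ff:ff:ff:ff"

# Constructed sample: one client legitimately disconnected twice, seconds apart,
# then a burst of 12 broadcast deauths from the AP's address within one second.
SAMPLE_FRAMES = [
    {"t": 0.0, "subtype": "deauth", "src": "aa:bb:cc:00:00:01", "dst": "11:22:33:44:55:66", "reason": 3},
    {"t": 0.5, "subtype": "beacon", "src": "aa:bb:cc:00:00:01", "dst": BROADCAST, "reason": None},
    {"t": 4.0, "subtype": "deauth", "src": "aa:bb:cc:00:00:01", "dst": "11:22:33:44:55:66", "reason": 3},
] + [
    {"t": 10.0 + i * 0.05, "subtype": "deauth", "src": "aa:bb:cc:00:00:01", "dst": BROADCAST, "reason": 7}
    for i in range(12)
]


def detect_deauth_flood(frames, window_s=1.0, threshold=8):
    """Return (alerts, broadcast_deauths).

    alerts: one (src, first_t, last_t, count) per source address that sends
    more than `threshold` deauth frames inside a sliding `window_s` window.
    broadcast_deauths: number of deauths addressed to every client at once,
    which a legitimate access point rarely does and is worth reviewing.
    """
    recent = defaultdict(deque)   # src -> timestamps of its recent deauths
    alerts, alerted = [], set()
    broadcast_deauths = 0
    for f in sorted(frames, key=lambda x: x["t"]):
        if f["subtype"] != "deauth":
            continue
        if f["dst"] == BROADCAST:
            broadcast_deauths += 1
        q = recent[f["src"]]
        q.append(f["t"])
        while q and f["t"] - q[0] > window_s:   # drop timestamps older than the window
            q.popleft()
        if len(q) > threshold and f["src"] not in alerted:
            alerted.add(f["src"])               # report each flooding source once
            alerts.append((f["src"], q[0], f["t"], len(q)))
    return alerts, broadcast_deauths
```

Run against a live export, the threshold and window should be tuned to the access point's normal roaming rate before alerts are acted on.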
Image: Shutterstock.com/ Maksim Kabakou