James Delahunty
9 Nov 2008 22:54
Two researchers plan to provide details at next week's PacSec 2008 conference in Tokyo on how Wi-Fi Protected Access (WPA) is vulnerable to attack. Of course, this does not mean that WPA is as vulnerable to compromise in the same way that Wired-Equivalent Privacy (WEP) is, far from it in fact. The weakness in WPA is being reported by Martin Beck and Erik Tews, two graduate students in Germany. The attack could make it possible to compromise certain communications in less than 15 minutes.
The researchers found the weakness in the lesser of two WPA security protocol, Temporal Key Integrity Protocol (TKIP). Attackers can use the techniques to decrypt limited communications and can recover a special integrity checksum and send up to seven custom packets to clients on the network, according to SecurityFocus.
"The new attack on WPA is not a complete key recovery attack," Tews said in an email to SecurityFocus. "It just allows you to decrypt packets and inject packets with custom content. But there is only a single short-term key recovered during the attack."
More details of the attack:
http://www.securityfocus.com/news/11537