Two researchers have apparently cracked a part of the Wi-Fi Protected Access
(WPA) encryption protocol.
Erik Tews and Martin Beck claim to have broken the Temporal Key Integrity Protocol
in under 15 minutes. The breakthrough means that data sent from the router to the PC can be scanned, but not the other way around.
Access to this traffic could also enable a hacker to send false information to a client on the network.
The researchers developed a way to get the router to send out large volumes of traffic, thereby giving them a large data set to work with, in order to break the key using a mathematical formula the pair developed.
WPA's predecessor, Wired Equivalent Privacy
(WEP), which was developed as one of the first wireless security systems in the 1990s, is now considered almost completely unsecure as it can be hacked in just a few minutes using tools easily available on the internet. WPA2
, an advanced version of the protocol, is not susceptible to the new attack and is still considered secure.
But WPA2 is a relatively new platform and was only made mandatory in all new products from March this year, meaning that many users may have routers that do not support the standard.
Experts believe that this latest development could open the door for a host of new wireless network attacks, forcing many businesses to upgrade their systems to remain protected.
Full details about the WPA hack will be revealed and discussed next week at the PacSec Applied Security Conference