Saturday, November 8, 2008

WPA Cracked

For those of you who have wireless networks set up, it's a familiar tale.

First, we didn't need to secure our wireless routers or access points at all, because they were pretty safe. Then we learned it was smart to change the default manufacturer's password and SSID so the bad guys couldn't take them over and download kiddie porn over them, because we didn't want the FBI to come pay US a visit since it was our IP address being used.


Then we acknowledged that there should be some basic security for these things, so we implemented WEP to make sure only computers authorized to use the wireless network were authenticated by entering the correct WEP key.

Soon, however, WEP was broken easily - I was able to crack a WEP key by capturing a minimal amount of packets out at SANS Network Security in Las Vegas circa 2006. So everyone moved to dynamic WEP and WPA, which were more secure alternatives.


And now, it comes to pass that WPA has been cracked, which was always possible (again, I learned how to do it at the wireless security course in 2006), but the speed at which it can be compromised has accelerated.


So now it's time to move to WPA2, which should probably be secure for a couple of weeks before it also falls. A lot of consumer-specific wireless devices probably won't be able to handle WPA2, and implementation of WPA2 could be beyond the technical expertise of most home users, so if you don't know how to do this, reach out for someone who does.

No comments:

Post a Comment

Please tell me what you think.