Organizations Urged To Update WPA After Security Crack
- By Stephen Swoyer
- November 18, 2008
A team of security researchers this week demonstrated an attack confirming
that the Wi-Fi Protected Access (WPA) protocol can be compromised.
The good news, for vanilla WPA users at least, is that the attacks affect only
WPA implementations that use the Temporal Key Integrity Protocol (TKIP) -- the
lesser of two methods for securely exchanging pre-shared keys. Moreover, the
vulnerability doesn't allow an attacker to completely recover a TKIP key.
The bad news is that an attacker can crack TKIP to decrypt traffic that's sent
from a wireless access point (WAP) or router back to client devices and can
crack an integrity checksum that (if properly manipulated) could enable them
to insert up to seven custom packets into a data stream.
The upshot, according to industry watchers, is that organizations should either
implement a more secure version of WPA (using the Advanced Encryption Standard
algorithm, or AES) or switch to WPA2, the as-yet non-standard but (by all accounts)
impregnable successor to WPA.
Security researchers Martin Beck and Erik Tews outlined their discoveries at
the PacSec 2008 Conference, held this week in Tokyo.
Ahead of Beck and Tews' presentation, industry watcher Gartner Inc. urged its
clients to take action and -- pursuant, it said, to its own long-standing recommendations
-- make the switch to WPA2, which uses the Counter Mode with Cipher Block Chaining
Message Authentication Code Protocol, or CCMP. (For the record, CCMP also uses
the AES algorithm.)
The impetus, Gartner said, was clear: Even in the absence of a verified proof-of-concept
-- much less a bona fide WPA-cracking exploit -- organizations need to seriously
think about shifting away from WPA and toward WPA2.
For one thing, analysts John Pescatore and John Girard wrote, news of a WPA
vulnerability shouldn't really surprise anyone. In fact, some of the methods
used by Beck and Tews are similar to those that Tews himself used only two years
ago to crack a 104-bit Wired Equivalent Privacy (WEP) key -- WEP, a deprecated
predecessor to WPA, is still commonly used in consumer gear -- by capturing
(in a best-case scenario) just 40,000 packets.
At the time, Tews and his team urged that "WEP should not be used any
more in sensitive environments." They urged users to switch to WPA (with
TKIP) or -- "even better" -- to WPA2.
Gartner has counseled just such an approach for some time, according to Pescatore
and Girard. "Reports of this new crack are not surprising, and in fact
represent the normal cycle of security solutions becoming vulnerable over time,"
they wrote, noting that "WPA has long been known to be theoretically vulnerable
to 'dictionary attacks,' which require massive computational resources not available
to most hackers and so are not a serious threat."
With the disclosure and availability of the first (albeit limited) WPA cracking
exploit -- a development version of "aircrack-ng" (a popular network
detector, packet sniffer and WEP/WPA cracking tool) is said to include an experimental
implementation of Beck and Tews' WPA TKIP crack -- it's time for enterprise
IT organizations to bite the bullet and either implement WPA2 or, failing that,
use a stronger flavor of WPA (such as AES), Pescatore and Girard urge.
"Wherever possible, migrate WLANs from WPA to WPA2. If this is not feasible,
use installed WLAN intrusion prevention systems...to monitor WPA usage and detect
attempts to compromise TKIP," they wrote. "If no migration to WPA2
is planned and no form of WLAN monitoring is in place, ensure that vulnerable
access points are not used in public areas."
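The migration advice above is easiest to act on when it can be checked mechanically against the access point's own configuration. The following is an added example, not code from the article, from Gartner or from the researchers: a small Python audit of a hostapd-style access point configuration that flags WEP, WPA with TKIP and mixed-mode deployments that still allow TKIP, and confirms a CCMP-only WPA2 setup. It assumes hostapd's key=value file format and its configuration keys wpa, wpa_pairwise, rsn_pairwise and wep_key0..3; the defaults applied when wpa_pairwise or rsn_pairwise are absent are assumptions, and the three sample configurations are constructed for the example.

```python
"""Audit a hostapd-style access point configuration for TKIP/WEP exposure.

Added example, not part of the original article. Assumes hostapd's
key=value format ('#' starts a comment) and its keys wpa, wpa_pairwise,
rsn_pairwise and wep_key0..3. The defaults used when a cipher list is
missing are assumptions, not verified hostapd behaviour.
"""
from __future__ import annotations

from dataclasses import dataclass


@dataclass
class Finding:
    severity: str  # "high", "medium" or "info"
    message: str


def parse_hostapd(text: str) -> dict[str, str]:
    """Parse key=value lines; a later duplicate key overrides an earlier one."""
    conf: dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if not line or "=" not in line:
            continue
        key, _, value = line.partition("=")
        conf[key.strip()] = value.strip()
    return conf


def audit(conf: dict[str, str]) -> list[Finding]:
    """Return findings ordered WEP, WPA (v1), WPA2 (RSN)."""
    findings: list[Finding] = []
    wpa_mode = int(conf.get("wpa", "0"))  # bit 0 = WPA, bit 1 = WPA2/RSN
    has_wep = any(k.startswith("wep_key") for k in conf)

    if has_wep:
        findings.append(Finding("high", "WEP keys configured; WEP is deprecated"))
    if wpa_mode == 0 and not has_wep:
        findings.append(Finding("high", "open network: neither WPA nor WPA2 enabled"))

    if wpa_mode & 1:
        # Assumed default: hostapd allows TKIP and CCMP when wpa_pairwise is unset.
        ciphers = conf.get("wpa_pairwise", "TKIP CCMP").split()
        if "TKIP" in ciphers:
            findings.append(Finding("high", "WPA with TKIP enabled; migrate to WPA2/CCMP"))
        else:
            findings.append(Finding("medium", "WPA (v1) without TKIP; still migrate to WPA2"))

    if wpa_mode & 2:
        # Assumed default: rsn_pairwise falls back to wpa_pairwise when unset.
        ciphers = conf.get("rsn_pairwise", conf.get("wpa_pairwise", "TKIP CCMP")).split()
        if "TKIP" in ciphers:
            findings.append(Finding("high", "WPA2 still permits TKIP; set rsn_pairwise=CCMP"))
        elif "CCMP" in ciphers:
            findings.append(Finding("info", "WPA2 with CCMP (AES) only"))

    return findings


# Constructed sample configurations (placeholder passphrases, not real ones).
WEAK_CONF = """
interface=wlan0
ssid=corp-wifi
wpa=1                      # WPA only
wpa_key_mgmt=WPA-PSK
wpa_passphrase=PLACEHOLDER-CHANGE-ME
wpa_pairwise=TKIP          # the cipher the article's attack applies to
"""

MIXED_CONF = """
interface=wlan0
ssid=corp-wifi
wpa=3                      # WPA and WPA2 side by side
wpa_key_mgmt=WPA-PSK
wpa_passphrase=PLACEHOLDER-CHANGE-ME
wpa_pairwise=TKIP CCMP
rsn_pairwise=CCMP
"""

HARDENED_CONF = """
interface=wlan0
ssid=corp-wifi
wpa=2                      # WPA2 only
wpa_key_mgmt=WPA-PSK
wpa_passphrase=PLACEHOLDER-CHANGE-ME
rsn_pairwise=CCMP          # AES-CCMP, no TKIP fallback
"""


def severities(text: str) -> list[str]:
    """Convenience wrapper: parse a config and return just the severities."""
    return [f.severity for f in audit(parse_hostapd(text))]


if __name__ == "__main__":
    for name, text in (("weak", WEAK_CONF), ("mixed", MIXED_CONF), ("hardened", HARDENED_CONF)):
        print(f"[{name}]")
        for f in audit(parse_hostapd(text)):
            print(f"  {f.severity:6s} {f.message}")
```

The mixed-mode case is the one worth watching in practice: an access point advertising both WPA and WPA2 is often assumed to be "WPA2", yet any client negotiating TKIP on the WPA side still gets the cipher this article is about, so the audit reports it as a high finding alongside the informational CCMP result.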
The potential for havoc, experts said, is severe: An attacker could use Beck
and Tews' method to trigger a denial-of-service (DoS) attack, or -- perhaps
more alarmingly -- to pass data through a firewall.
Stephen Swoyer is a Nashville, TN-based freelance journalist who writes about technology.