Thursday, November 6, 2008

WPA Encryption hacked, 15 minutes to heaven

PC World is reporting that a "mathematical breakthrough", combined with a method for forcing a router to give you lots of good samples of encrypted data, allows for a non-dictionary attack against the TKIP encryption algorithm behind WPA. Researchers expect that WPA encryption can be cracked in 12-15 minutes given modern hardware. Combine that with a high-power antenna, and you should be very concerned if you have routers and systems using WPA to carry sensitive data.

Aircrack-ng is already being updated to take advantage of the latest vulnerability, so this attack is in the wild now or will be shortly. (Props to DownloadSquad for the info.)

As you should already know, WEP encryption is trivial to bypass, and while WPA2 isn't officially "cracked" yet, significant advancements in parallel processing using CUDA allow for much faster brute-force cracking of WPA2. That would still require a very high-end system with lots of local storage running over a 24+ hour period, but the impractical is now possible.

So with anything below WPA2 being easily exploitable, using WiFi without additional encryption layers (SSH, VPN, etc.) is becoming too risky for any kind of sensitive data. Be careful out there...
