SoylentNews is people
SoylentNews
Submission Preview
WPA2 wireless security cracked
Some background: WEP [wikipedia.org] (Wired Equivalent Privacy) was the original recommendation for wireless security. Within 2 years' time, cracks were found in the protocol and it is now deprecated. Next came recommendations to use WPA [wikipedia.org] (Wi-Fi Protected Access), but it, too, was later deprecated.
The most recent wireless security recommendation, WPA2 [wikipedia.org], has now met a similar fate.
From the article:
As part of their purported security protocols routers using WPA2 must reconnect and re-authenticate devices periodically and share a new key each time. The team points out that the de-authentication step essentially leaves a backdoor unlocked albeit temporarily. Temporarily is long enough for a fast-wireless scanner and a determined intruder. They also point out that while restricting network access to specific devices with a given identifier, e.g. their media access control address (MAC address), these can be spoofed.
There are thus various entry points for the WPA2 protocol, which the team details in their paper. In the meantime, users should continue to use the strongest encryption protocol available with the most complex password and to limit access to known devices via MAC address.
Other recommendations include using a tunneling protocol [wikipedia.org] such as IPSec or SSH within a WPA2 connection and/or to replace wireless connections with a wired one. What impact does this revelation have on your communications infrastructure?
