Why Enterprises Must Respond to WPA Crack
Organizations should either implement a more secure version of WPA or switch to WPA2, the impregnable successor to WPA
As expected, a team of security researchers this week demonstrated an attack confirming that the Wi-Fi Protected Access (WPA) protocol can be compromised. The good news, for vanilla WPA users at least, is that the attacks affect only WPA implementations that use the Temporal Key Integrity Protocol (TKIP) -- the lesser of two methods for securely exchanging pre-shared keys. Moreover, the vulnerability doesn't allow an attacker to completely recover a TKIP key.
The bad news is that an attacker can crack TKIP to decrypt traffic that's sent from a wireless access point (WAP) or router back to client devices and can crack an integrity checksum that (if properly manipulated) could enable them to insert up to seven custom packets into a data stream. The upshot, industry watchers urge, is that organizations should either implement a more secure version of WPA (using the Advanced Encryption Standard algorithm, or AES) or switch to WPA2, the as-yet non-standard but (by all accounts) impregnable successor to WPA.
Security researchers Martin Beck and Erik Tews outlined their discoveries at the PacSec 2008 Conference, held this week in Tokyo.
Ahead of Beck and Tews' presentation, industry watcher Gartner Inc. urged its clients to take action and (pursuant, it said, to its own long-standing recommendations) make the switch to WPA2, which uses the Counter Mode with Cipher Block Chaining Message Authentication Code Protocol, or CCMP. (For the record, CCMP also uses the AES algorithm.)
The impetus, Gartner said, was clear: even in the absence of a verified proof-of-concept -- much less a bona fide WPA-cracking exploit -- organizations need to seriously think about shifting away from WPA and toward WPA2.
For one thing, analysts John Pescatore and John Girard wrote, news of a WPA vulnerability shouldn't really surprise anyone. In fact, some of the methods used by Beck and Tews are similar to those that Tews himself used only two years ago to crack a 104-bit Wired Equivalent Privacy (WEP) key -- WEP, a deprecated predecessor to WPA, is still commonly used in consumer gear -- by capturing (in a best-case scenario) just 40,000 packets.
At the time, Tews and his team urged that "WEP should not be used anymore in sensitive environments." They urged users to switch to WPA (with TKIP) or -- "even better" -- to WPA2.
Gartner has counseled just such an approach for some time, according to Pescatore and Girard. "Reports of this new crack are not surprising, and in fact represent the normal cycle of security solutions becoming vulnerable over time," they write, noting that "WPA has long been known to be theoretically vulnerable to 'dictionary attacks,' which require massive computational resources not available to most hackers and so are not a serious threat."
With the disclosure and availability of the first (albeit limited) WPA cracking exploit -- a development version of "aircrack-ng" (a popular network detector, packet sniffer, and WEP/WPA cracking tool) is said to include an experimental implementation of Beck's and Tews' WPA TKIP crack -- it's time for enterprise IT organizations to bite the bullet and either implement WPA2 or, failing that, use a stronger flavor of WPA (such as AES), Pescatore and Girard urge.
"Wherever possible, migrate WLANs from WPA to WPA2. If this is not feasible, use installed WLAN intrusion prevention systems … to monitor WPA usage and detect attempts to compromise TKIP," they write. "If no migration to WPA2 is planned and no form of WLAN monitoring is in place, ensure that vulnerable access points are not used in public areas."
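The migration the analysts recommend comes down to two access-point settings: stop offering WPA (pre-RSN) associations and stop offering the TKIP cipher, leaving WPA2 with CCMP/AES. The following script is an added example, not code from the article or from Gartner; it audits a hostapd-style configuration for those two weaknesses and rewrites it to the hardened form. It assumes the standard hostapd keys `wpa` (1 = WPA only, 2 = WPA2 only, 3 = both), `wpa_pairwise` and `rsn_pairwise` (space-separated cipher lists of TKIP and/or CCMP), and the sample configuration is constructed for the demonstration.

```python
"""Audit and harden a hostapd-style access-point config for TKIP exposure.

Added example, not from the original article. Assumes the hostapd keys
`wpa`, `wpa_pairwise` and `rsn_pairwise` with their documented meanings.
"""

# Constructed sample: a mixed WPA/WPA2 access point that still offers TKIP,
# exactly the configuration the Beck/Tews attack applies to.
WEAK_CONFIG = """\
# constructed sample hostapd.conf (weak)
interface=wlan0
ssid=corp-guest
wpa=3
wpa_key_mgmt=WPA-PSK
wpa_passphrase=PLACEHOLDER-CHANGE-ME
wpa_pairwise=TKIP CCMP
"""


def parse_hostapd(text):
    """Return {key: value} for a hostapd.conf body.

    hostapd treats a line as a comment only when it starts with '#', so a
    '#' inside a passphrase is left alone.
    """
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip()] = value.strip()
    return settings


def audit_hostapd(text):
    """Return a list of findings; an empty list means WPA2/CCMP only."""
    settings = parse_hostapd(text)
    findings = []
    wpa_mode = settings.get("wpa", "0")
    if wpa_mode in ("1", "3"):
        findings.append(f"wpa={wpa_mode} allows WPA (pre-RSN) associations; set wpa=2")
    # With wpa=2 and no rsn_pairwise, hostapd falls back to wpa_pairwise,
    # so both keys are checked regardless of mode.
    for key in ("wpa_pairwise", "rsn_pairwise"):
        ciphers = settings.get(key, "").split()
        if "TKIP" in ciphers:
            findings.append(f"{key} permits TKIP ({' '.join(ciphers)}); use CCMP only")
    return findings


def harden_hostapd(text):
    """Rewrite the config to WPA2-only with CCMP, preserving other lines."""
    out = []
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#") and "=" in line:
            key = line.split("=", 1)[0].strip()
            if key == "wpa":
                raw = "wpa=2"
            elif key in ("wpa_pairwise", "rsn_pairwise"):
                raw = f"{key}=CCMP"
        out.append(raw)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    for finding in audit_hostapd(WEAK_CONFIG):
        print("FINDING:", finding)
    print("--- hardened ---")
    print(harden_hostapd(WEAK_CONFIG))
```

Run against a real hostapd.conf, the audit reports each setting that still admits WPA or TKIP; the hardened output is what the "migrate WLANs from WPA to WPA2" recommendation looks like in practice, and any client that can no longer associate after the change is one that only supports TKIP and belongs on the monitoring list the analysts describe.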
The potential for havoc, experts say, is severe: an attacker could use Beck and Tews' method to trigger a denial-of-service (DoS) attack, or -- perhaps more alarmingly -- to pass data through a firewall.