WPA Security Standard Hacked

This week at PacSec, the applied security conference in Tokyo, two graduate students named Erik Tews and Martin Beck plan to release the details of how they managed to crack the Wi-Fi Protected Access (WPA) security standard. Tews’s and Beck’s attack currently targets only Temporal Key Integrity Protocol (TKIP)-protected networks, and it can only inject traffic—not steal data. However, the attack in and of itself raises serious issues for security administrators. Because this attack lets intruders scan data from the router to the PC, a hacker could send bogus information to a client machine on the network. In addition, an attack of this nature, which Tews and Beck claim to have pulled off in under 15 minutes, opens the door to additional and more serious forms of wireless attacks in the future.