New Attack Cracks Common Wi-Fi Encryption in a Minute by PC World: Yahoo! Tech


New Attack Cracks Common Wi-Fi Encryption in a Minute by PC World: Yahoo! Tech

If you use a wireless router in your home or business, you may want to read this article.  Researchers have found a way to crack the WPA-TKIP encryption method in 60 seconds.  While there are no active exploits using this method, it’s only a matter of time.

As the article points out, since March 2006, routers were required to offer WPA-2 (or WPA-AES) for an encryption method.  This is the only method that hasn’t been cracked as of yet.  Now, that’s not saying it won’t be—just that it hasn’t.

Here’s an analogy of what the different encryption methods are in terms of security.  No encryption is like shutting your shed door, but not even bothering to put the clasp in place to lock it. WEP is the functional equivalent of putting the clasp in place on your shed door, but not attaching a padlock.  WPA-TKIP is like attaching a padlock and hiding the key under the only odd-looking rock in the vicinity.  WPA-2 (or WPA-AES) is like attaching a padlock and either taking the key with you, or hiding it in a bunch of rocks.

If you have a router and are using the wireless features, then it’s time to check this.  Are you using WEP or WPA-TKIP? If so, then it’s time to upgrade to WPA-AES or WPA-2 (they are basically the same thing, so either will work).  If your router doesn’t offer the option of WPA-AES or WPA-2, then it’s time to see if there’s a firmware upgrade from the company—or buy a new router.

While you’re at the router’s control panel, did you just put the default password in for the Administration?  If so, then it’s time to change that as well.  Because you can set all of the security in the world, but if you don’t change that password, it doesn’t mean anything.  Also, you may want to consider not broadcasting the SSID for your router.  The broadcast is only really needed if you don’t remember the SSID.  Otherwise, you can set up your network manually (it just makes it a little quicker to do) by typing it in.

Finally, before you start making changes to the encryption on your router, you need to verify that your wireless device supports WPA-AES or WPA-2.  Some older computers don’t support it out of the box, and there may not be any firmware or driver upgrades to enable that support.  If you’re in this position, then you either need to 1) buy a new wireless network card or 2) upgrade your computer—which may be a good idea anyhow, since the OS may be out of support too.

Have a great day 🙂

Patrick.

Leave a comment

Your email address will not be published. Required fields are marked *