Reports are coming in that a researcher has discovered a gaping hole in the security of the WiFi Protection Setup (WPS) method of simplifying the pairing of a device with several brands of wireless access point. WiFi users should be more concerned with the fact that wireless passwords have been inherently insecure for some time.
Given that the WEP and WPA wireless password systems have long since been cracked, and that – with suitable software and enough processing power – WPA2 passwords can also be cracked in just a few hours, the WPS loophole discovery is actually a minor security issue.
“Using software such as Elcomsoft’s Wireless Security Auditor it’s now possible to stage a high-powered dictionary attack on a WPA2-passphrase protected wireless system and generate results in just a few hours,” he said.
Against this backdrop, the fact that the WPS method of allowing easy connection to a wireless network has been compromised is actually something of an irrelevance, since there are several other methods of cracking a WPA2 wireless passphrase.
The WiFi Alliance originally developed WPS as a means of simplifying the connection of a device to a home or office wireless network, with the router including a flag in the EAP-NACK message that tells the user if the first half of the passphrase they have typed is correct.
The security flaw reduces the time it takes to crack an average WPA2 passphrase down to 10⁴ + 10³ attempts – about 11,000 attempts in total.
Assuming you are using software capable of generating and using – say – 10 passphrase attempts a second (600 a minute), it doesn’t take a mathematical genius to realise that a WPA2-WPS router passphrase can be compromised in under 20 minutes.
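The arithmetic above, as an added example that is not part of the original article: a constructed verifier that either does or does not confirm the first half of a secret, and a count of the guesses an exhaustive search then needs. The 4 + 3 digit split is an assumption chosen to reproduce the 11,000 figure; `Verifier`, `attempts_to_recover` and `minutes_at` are hypothetical names.

```python
from itertools import product

DIGITS = "0123456789"

class Verifier:
    """Constructed stand-in for an access point's check (not real WPS code)."""
    def __init__(self, secret, split_at, leaks_first_half):
        self.secret, self.split_at = secret, split_at
        self.leaks_first_half = leaks_first_half
        self.attempts = 0

    def check(self, guess):
        """Return (first_half_ok, whole_ok); the hint is None if not leaked."""
        self.attempts += 1
        first_ok = guess[:self.split_at] == self.secret[:self.split_at]
        return (first_ok if self.leaks_first_half else None), guess == self.secret

def attempts_to_recover(verifier):
    """Count the guesses an exhaustive search needs against this verifier."""
    n, split = len(verifier.secret), verifier.split_at
    if not verifier.leaks_first_half:
        # No partial feedback: every digit must be right in the same guess.
        for guess in product(DIGITS, repeat=n):
            if verifier.check("".join(guess))[1]:
                return verifier.attempts
    else:
        # Stage 1: the leaked flag settles the first half on its own.
        for head in product(DIGITS, repeat=split):
            head = "".join(head)
            hint, ok = verifier.check(head + "0" * (n - split))
            if ok:
                return verifier.attempts
            if hint:
                break
        # Stage 2: only the remaining digits are still unknown.
        for tail in product(DIGITS, repeat=n - split):
            if verifier.check(head + "".join(tail))[1]:
                return verifier.attempts
    raise ValueError("secret is outside the digit search space")

def minutes_at(attempts, per_second=10):
    """Time for `attempts` guesses at the article's 10 guesses per second."""
    return attempts / per_second / 60

if __name__ == "__main__":
    worst = "9999999"  # constructed worst case: last value in search order
    leaky = attempts_to_recover(Verifier(worst, 4, True))
    print(leaky, "guesses,", round(minutes_at(leaky), 1), "minutes with the leak")
    print(10 ** 7, "guesses,", round(minutes_at(10 ** 7) / 1440, 1), "days without it")
```

The design lesson for a verifier is to accept or reject the whole secret and reveal nothing about which part was wrong.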
The reality is that wireless networks have been regarded as insecure for more than a year now, owing to the rise in processing power accessible to hackers, and the arrival of password cracking software like WSA from Elcomsoft.
The solution to this issue is that companies should not rely on wireless networks to distribute their networks across and around the office. Hard-wired Ethernet connections, in all their various shapes and forms, are the only truly secure means of connecting to a network resource.
And corporates should also note that staff who access the office resources from a home network should also presume that their home wireless network can be cracked in relatively short order. For this reason, if staff really must access the company systems via WiFi, then the use of VPN technology is a must-have.
Wireless is a very convenient method of accessing a networked resource, but without the use of additional encryption – even before Craig Heffner’s discovery of WPS security problems – the technology has to be considered insecure. All this latest discovery confirms is that wireless access is inherently insecure – and we knew that already.