Insecurity of WPA?
November 15, 2008 in Technology The trades are all talking about a new WPA hack, but is it really a big deal? The media would have you believe so, but Steve Gibson explains exactly what has happened, and what to do to protect your wireless network, on the latest episode of Security Now.
At this point, hackers have discovered that TKIP and QOS together enable them to be a nusance to your wireless network, but it isn’t a complete hack… yet. It is something that could become a point of vulnerability, so it’s a good idea to move toward shutting down the possibility.
Basicly, turn off the TKIP protocol and use AES (CCMP protocol) and don’t use QOS (Quality of Service, a.k.a. WMM) on wireless (VoIP traffic should be connected to your wired router ports, or to put before your router). The combination of TKIP and QOS create the vulnerability, since QOS channels allow more attempts at the crack. Another way to defeat the vulnerability is to reduce the key lifetime to 11 minutes, instead of the default 60 minutes, since it takes a minimum of 12 minutes to perform the hack.
Many routers don’t have QOS, and a lot of routers and wireless devices don’t have AES. But if your equipment is new and WPA2 certified, you probably can switch to AES, and turn off TKIP protocol to be safe.
The TKIP Hack, Security Now, Episode 170