The attack builds on the so-called "Becks-Tews method" unveiled last year by researchers Martin Beck and Erik Tews. However, that method worked on a smaller range of WPA devices and took between 12 and 15 minutes to carry out. Both attacks work on WPA systems that use the Temporal Key Integrity Protocol (TKIP) algorithm. They aren't key-recovery attacks -- but give hackers a way to read encrypted traffic sent between computers and certain types of routers that use the outdated encryption system.
The Wi-Fi Alliance has required since 2006 that Wi-Fi-certified products support WPA 2, a much more powerful encryption system that is not vulnerable to these attacks, but users have been slow to upgrade.
The two researchers, Toshihiro Ohigashi of Hiroshima University and Masakatu Morii of Kobe University, are to discuss their findings at a conference in Hiroshima this September 25 but you can read some details now in their paper, "A Practical Message Falsification Attack on WPA" (PDF).
Downloads and Drivers
From the Forums
Subscribe to TechSpot
Get free exclusive content, learn about new features and breaking tech news.