Tony Bradley, CISSP-ISSAP
Network Security Blog

From Tony Bradley, CISSP-ISSAP, Former About.com Guide to Network Security

WPA Encryption Cracked

Friday November 7, 2008
Researchers have discovered a method that allows them to break the Temporal Key Integrity Protocol (TKIP) key used to encrypt WPA (Wi-Fi Protected Access) traffic in under 15 minutes. So far, their attack has only been successful intercepting data going from the wireless router to a client machine, and not the other way around. It should also be noted that this attack breaks WPA, but not the more recent and more secure WPA2 protocol.

The original wireless encryption protocol, WEP (Wired Equivalent Privacy), was quickly found to be flawed and somewhat trivial to break. There are tools out there that can crack WEP encryption in a matter of seconds. Security experts (myself included) have warned that WEP is insecure and prescribed the use of WPA. Enterprises that rely on WPA encryption to secure their wireless networks will have to consider other alternatives such as WPA2, or requiring some sort of VPN tunnel to provide stronger security than what WEP or WPA provide.

What should home users do? Probably nothing. By all means, if you have WPA2 available as an option, you should use it. However, many home users are still not protecting their wireless networks at all, so even WEP or WPA would be an improvement. It is certainly possible that someone could crack the WEP or WPA encryption and compromise a home wireless network, but most attackers aren't going to bother taking the time, even a few minutes, to break into an encrypted wireless network when there are 3 or 4 unencrypted wireless networks available in the same neighborhood. Enterprises have a more critical concern due to compliance requirements as well as an increased potential for being targeted for attack.

Comments

November 19, 2008 at 11:52 am
(1) dp says:

This blog entry and the NetworkWorld article it references overstate the crack’s seriousness. The blog also implies that WPA2 is synonymous with CCMP/AES, which is misleading.

The crack does not enable anyone to read someone else’s email, steal credit card numbers, etc. It merely allows the key to be recovered for the Message Integrity Code (MIC) on wireless routers that have Quality of Service (QoS) enabled. It’s clever and worrisome, but has no useful application anyone’s pointed out, yet.

Further, using WPA2 won’t solve anything, necessarily. WPA2 is a certification that says the equipment supports the TKIP and CCMP protocols, which use RC4 and AES encryption, respectively. So, WPA2 will help only if TKIP/RC4 is disabled.

http://www.grc.com/sn/sn-170.htm provides a good discussion of the crack and its implications.
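
The distinction raised in comment (1), that a network advertising WPA2 may still permit TKIP, can be checked from scan output. The following is an added example, not part of the original post or comments: it assumes the tab-separated layout printed by wpa_supplicant's `wpa_cli scan_results`, the sample rows are constructed, and the names `classify` and `audit` are hypothetical.

```python
import re

# Constructed sample in the tab-separated layout of `wpa_cli scan_results`
# (bssid, frequency, signal level, flags, ssid). All values are made up.
SAMPLE_SCAN = (
    "bssid / frequency / signal level / flags / ssid\n"
    "02:00:00:00:00:01\t2412\t-40\t[WPA2-PSK-CCMP][ESS]\toffice-aes\n"
    "02:00:00:00:00:02\t2437\t-55\t[WPA-PSK-TKIP][WPA2-PSK-CCMP+TKIP][ESS]\toffice-mixed\n"
    "02:00:00:00:00:03\t2462\t-61\t[WPA-PSK-TKIP][ESS]\tlegacy-wpa\n"
    "02:00:00:00:00:04\t2412\t-70\t[WEP][ESS]\told-printer\n"
    "02:00:00:00:00:05\t2437\t-72\t[ESS]\tguest\n"
)

FLAG_RE = re.compile(r"\[([^\]]+)\]")


def classify(flags):
    """Map one flags field to open, wep, tkip-only, tkip-allowed or ccmp-only."""
    tokens = FLAG_RE.findall(flags)
    wpa = [t for t in tokens if t.startswith(("WPA", "RSN"))]
    if not wpa:
        return "wep" if any(t.startswith("WEP") for t in tokens) else "open"
    tkip = any("TKIP" in t for t in wpa)
    aes = any("CCMP" in t or "GCMP" in t for t in wpa)
    if tkip and not aes:
        return "tkip-only"
    # WPA2 with TKIP still offered is reported separately from CCMP-only.
    return "tkip-allowed" if tkip else "ccmp-only"


def audit(scan_text):
    """Return (bssid, ssid, verdict) for every data row; the header is skipped."""
    rows = []
    for line in scan_text.splitlines():
        fields = line.split("\t", 4)  # an SSID may itself contain tabs
        if len(fields) == 5:
            rows.append((fields[0], fields[4], classify(fields[3])))
    return rows


if __name__ == "__main__":
    for bssid, ssid, verdict in audit(SAMPLE_SCAN):
        print(f"{bssid}  {ssid:<14} {verdict}")
```
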


©2009 About.com, a part of The New York Times Company.

All rights reserved.