New Improvements On the Attacks On WPA/TKIP

olahau writes "Two weeks ago, improvements to the previously reported attack on WPA/TKIP, were presented at the NorSec Conference in Oslo, Norway. In their paper coined 'An Improved Attack on TKIP,' Finn Michael Halvorsen and Olav Haugen describe the improvements, which enable an attacker to inject larger, maliciously crafted packets into a WPA/TKIP protected network, thus opening the probabilities for new and more sophisticated attacks against the well-established wireless security protocol."

Just in time!

[AmiMoJo]

The timing of this new attack could not have been better - the day after the UK government announces they want to introduce a "three strikes" rule before disconnecting suspected file-sharers.

I imagine this must be a massive headache for ISPs who have been shipping routers with WPA/TKIP enabled for compatibility (i.e. a lot of them). Suddenly their routers need remotely updating and they have to hope that most of their customer's wifi drivers will cope with the move to AES.

Re:Does that mean...

[natehoy]

Yes, you're absolutely correct. However, the question was "now that WPA/TKIP is broken, is WEP more secure than it?"

WPA/TKIP has vulnerabilities inherited from WEP, yes, but those vulnerabilities are still hidden behind a layer that, for now, is still protective. Trouble is, people are starting to discover larger and larger vectors for inserting attacks.

The shields are still holding - I haven't heard of a successful data breach or DNS spoof on a WPA/TKIP (someone correct me if there is an actual working breach out there), and there are measures that can be taken (turn off QoS/WMM, update your client stack) that will close the holes.

But only FOR NOW. Upgrading to AES is the correct answer.

Downgrading to WEP is not the correct answer, unless the question is "What security protocol is the easiest to break?"