Computer scientists in Japan say they've developed a way to break the WPA encryption system used in wireless routers in about one minute.
Last November, security researchers first showed how WPA could be broken, but the Japanese researchers have taken the attack to a new level, according to Dragos Ruiu, organizer of the PacSec security conference where the first WPA hack was demonstrated. "They took this stuff which was fairly theoretical and they've made it much more practical," he said.
The earlier attack, developed by researchers Martin Beck and Erik Tews, worked on a smaller range of WPA devices and took between 12 and 15 minutes to work. Both attacks work only on WPA systems that use the Temporal Key Integrity Protocol (TKIP) algorithm. They do not work on newer WPA 2 devices or on WPA systems that use the stronger Advanced Encryption Standard (AES) algorithm.
My laptop is almost four years old now, and it doesn't support WPA2. If I want to have WiFi on my laptop, I am now stuck running an insecure network. Yes, MAC filtering will help some. But MAC addresses can be spoofed, just like ethernet hardware addresses can.
Maybe we'll get wireless network security right someday. But not, evidently, any time in this decade...