Weakness Reported in Wireless Security Protocol

by CXOtoday Staff    Nov 10, 2003

According to a researcher at ICSA Labs, some implementations of Wi-Fi Protected Access (WPA), a standard for cryptography of data on Wi-Fi networks, can be compromised through a dictionary attack.

However, not all WPA-based networks are vulnerable. Those at maximum risk, are the ones that use the “pre-shared key” method for passphrase generation. Most implementations of WPA allow users to enter a common shared phrase into the user interface on the computer, to make the complicated ’cryptography’ accessible to users with ordinary home PCs.

This phrase, along with the SSID, the visible name for the network, is transformed mathematically into a key used by the cryptography routines. Other key management techniques are available to WPA, but these generally require more expensive and complex network management equipment, such as authentication servers.

After sniffing a few packets of data from certain points in Wi-Fi standard communication, an attacker could use a “dictionary attack” on the data offline in an attempt to guess the passphrase.

Users who employ short, simple passphrases could be easily cracked. A key generated from a passphrase of less than about 20 characters is unlikely to deter attacks. Once the passphrase is guessed, the attacker can join the network like any legitimate user.

When CXOtoday contacted D-Link India, a spokesperson for the company said, “Wireless networking standards are basically not as secure as traditional LAN setups. The security 1x standard (the highest available wireless standard) is available on all wireless products provided by D-Link, and we haven’t come across even a single issue on wireless security within India.’

The R&D section of D-Link India is working on the security aspect of wireless networking, to detect and eliminate any vulnerability in its products.

Tags: Wi-Fi