Ars Technica has posted an article about a not-so-new WPA vulnerability.
Under a perfect set of conditions, researchers have been able to falsify an encrypted short packet (an ARP packet) by deciphering the 64 bit Message Integrity Code (MIC). This allows them to effectively establish a “man-in-the-middle attack ” situation. Quoting the article, “the attacks can certainly present problems, but they do not threaten the overall encryption of the wireless stream”.
So, I have to ask, why is this newsworthy?
Wifi Protected Access (WPA) was never intended to be a permanent solution to the vulnerabilities in WEP.
WPA was released in 2003 before the IEEE 802.11i (WPA2) standard was ratified. WPA implements most (but not all) of the 802.11i standards. WPA doesn’t implement AES encryption, one of WPA2’s strong points and the biggest reason why WPA2 is still considered a viable, very secure solution.
Like WEP, WPA is one of those “use it only if you have to” solutions. Most, if not all AP’s manufactured in the last five years support WPA2. Despite the findings published by these researchers, they are still not able to break the encryption on the WPA packet. At worst case, the exploit might be able to cause a denial-of-service situation in a WPA implementation. Judging from the set of conditions they had to set up in the lab, even that may be unlikely.
