IT security firm Global Secure Systems says that a Russian’s firm’s use of new NVidia graphics cards to accelerate WiFi ‘password recovery’ by 10,000% proves that WPA and WPA2 encryption are no longer enough to protect wireless data.
“This breakthrough in brute force decryption of WiFi signals by Elcomsoft confirms our observations that firms can no longer rely on standards-based security to protect their data,” says David Hobson, GSS’ managing director.
“As a result, we now advise clients using WiFi to move on up to a VPN encryption system as well. Brute force decryption of the WPA and WPA2 systems, using parallel processing, has been on the theoretical possibilities horizon for some time – and presumably employed by government agencies in extreme situations – but the use of the latest NVidia cards on a standard PC is extremely worrying,” he adds.
According to Hobson, companies can no longer view standards-based WiFi transmission as sufficiently secure against eavesdropping to be used with impunity, so the use of VPNs is now mandatory for companies wanting to comply with the Data Protection Act.
“The $64,000 question is what happens when hackers secure a pecuniary advantage by gaining access to company data flowing across a WPA or WPA2-encrypted wireless connection. Will the Information Commissioner take action against the company concerned for an effective breach of the Data Protection Act?”