WiFi compromise is tip of an insecurity iceberg


A hole in the security of WiFi Protected Setup (WPS), which simplifies device pairing, is small beer, according to Cryptzone.

Commenting on reports of the discovery, the IT threat mitigation vendor states that WiFi users should be more concerned with the fact that wireless passwords are themselves insecure.

Cryptzone CTO Anders Hansson says the fact that the WEP and WPA wireless password systems have long since been cracked, while WPA2 passwords can also be cracked in just a few hours, means the new WPS loophole discovery is a minor security issue.

"Using software such as Elcomsoft's Wireless Security Auditor, it's now possible to stage a high-powered dictionary attack on a WPA2-passphrase protected wireless system and generate results in just a few hours," he explains.

"Against this backdrop, the fact that the WPS method of allowing easy connection to a wireless network has been compromised is actually something of an irrelevance, since there are several other methods of cracking a WPA2 wireless passphrase," he adds.

Hansson goes on to say that the WiFi Alliance originally developed WPS as a means of simplifying the connection of a device to an office wireless network, with the router including a flag in the EAP-NACK message that tells the user if the first half of the passphrase they have typed is correct.

The security flaw, he explained, reduces the time it takes to crack an average WPA2 passphrase down to 10⁴ + 10³ attempts - about 11,000 attempts in total.

"Assuming you are using software capable of generating and using - say - 10 passphrase attempts a second (600 a minute), it doesn't take a mathematical genius to realise that a WPA2-WPS router passphrase can be compromised in under 20 minutes," states Hansson.
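
The arithmetic behind the 11,000-attempt figure, as an added example that is not part of the original article: a constructed in-memory verifier (the `SplitVerifier` class and its return strings are hypothetical) that, like the flag described above, reveals whether the first half matched. The 4-digit and 3-digit half sizes are an assumption inferred from the 11,000 total; the rate of 10 attempts a second is the one quoted in the article.

```python
FIRST_DIGITS, SECOND_DIGITS = 4, 3   # assumed half sizes giving 10,000 + 1,000
RATE_PER_SECOND = 10                 # attempt rate quoted in the article


class SplitVerifier:
    """Constructed stand-in for a device that confirms each half separately."""

    def __init__(self, first, second):
        self._first, self._second = first, second
        self.attempts = 0

    def check(self, first, second):
        self.attempts += 1
        if first != self._first:
            return "first-half-wrong"    # the leak: the first half is judged alone
        if second != self._second:
            return "second-half-wrong"
        return "ok"


def attempts_with_split_feedback(verifier):
    """Attempts needed when the first half can be settled before the second."""
    first = 0
    while verifier.check(first, 0) == "first-half-wrong":
        first += 1
    second = 0
    while verifier.check(first, second) != "ok":
        second += 1
    return verifier.attempts


def worst_case_whole():
    """Worst case if the verifier only answered for the complete value."""
    return 10 ** (FIRST_DIGITS + SECOND_DIGITS)


def minutes(attempts, rate=RATE_PER_SECOND):
    """Time to make the given number of attempts at a fixed rate."""
    return attempts / rate / 60


if __name__ == "__main__":
    split = attempts_with_split_feedback(SplitVerifier(9999, 999))  # worst-case secret
    whole = worst_case_whole()
    print(f"split feedback: {split:>10,} attempts, {minutes(split):8.1f} min")
    print(f"whole-value   : {whole:>10,} attempts, {minutes(whole) / 1440:8.1f} days")
```

Because the halves are confirmed independently, the worst case is the sum of the two search spaces rather than their product, which is what turns days of guessing into the "under 20 minutes" quoted above.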