Standard
Wi-Fi Protected Access (WPA) and WPA2 encryption systems are no
longer strong enough to protect wireless data following the release
of Russian password recovery software, say security experts.
The
Elcomsoft
password recovery tool enables criminals to tap into the
computing power of the latest
nVidia graphics cards to speed up encryption key cracking times
by up to 10,000 times.
Ken Munro, director of the penetration testing division of NCC
Group, said the software enables distributed supercomputing using
the spare resources of PC graphics cards in a business to greatly
increase the speed of cracking pre-shared encryption keys.
"Cracking WPA keys used to be very time consuming, but with the
speed of [graphics card] processors now, wireless keys are starting
to look vulnerable," he told Computer Weekly.
Munro said anyone using the personal or pre-shared key (PSK)
versions of WPA and WPA2 should use the maximum length of key
characters to make them more difficult to crack.
Users with the technical ability should also ensure they are
using the stronger Advanced Encryption Standard (AES) WPA
encryption cipher instead of the weaker Temporary Key Initiation
Protocol (TKIP).
"Most corporates should be using the much more resilient
enterprise versions of WPA and they will be safe, but I have known
some to use the personal version and they should upgrade as soon as
possible," said Munro.