Standard Wi-Fi Protected Access (WPA) and WPA2 encryption systems are no longer strong enough to protect wireless data following the release of Russian password recovery software, say security experts.
Ken Munro, director of the penetration testing division of NCC Group, said the software enables distributed supercomputing using the spare resources of PC graphics cards in a business to greatly increase the speed of cracking pre-shared encryption keys.
"Cracking WPA keys used to be very time consuming, but with the speed of [graphics card] processors now, wireless keys are starting to look vulnerable," he told Computer Weekly.
Munro said anyone using the personal or pre-shared key (PSK) versions of WPA and WPA2 should use the maximum length of key characters to make them more difficult to crack.
Users with the technical ability should also ensure they are using the stronger Advanced Encryption Standard (AES) WPA encryption cipher instead of the weaker Temporary Key Initiation Protocol (TKIP).
"Most corporates should be using the much more resilient enterprise versions of WPA and they will be safe, but I have known some to use the personal version and they should upgrade as soon as possible," said Munro.