Just when you think that it’s safe to play outside with your new security-enhanced wireless laptop computer, it seems that some brainiac always has to go and figure out a way to trash your playground. Well, dear readers, the playground has been trashed again. Two German researchers recently discovered flaws in what was once thought to be the fairly secure wireless protocol known as WPA.
The security of wireless networking, also know as “wi-fi,” has always been a bit of a cat-and-mouse game. Shortly after wi-fi began to be used, the need for some sort of security protection became apparent. Without any protection, anyone within range of the network can help themselves to a free Internet connection. If they really know what they’re doing, they can also hack into other computers connected to the network. For more background on the subject, you may wish to read the article that I wrote in July of 2006 titled “Thank you for the free Internet service.”
The first wi-fi security scheme, known as a “protocol,” was Wired Equivalent Privacy (WEP). WEP provided a way of encrypting wi-fi radio signals, which could only be decoded if you knew the right password, or “key.” WEP was quickly hacked and cracked, though, rendering it completely insecure. WEP was superseded in 2003 by Wi-fi Protected Access (WPA). WPA supports stronger encryption schemes, and, combined with strong passwords, has been a pretty secure way of enjoying wireless networking. I have personally setup many wireless networks for my customers using WPA. Until today, my personal home wireless network also used WPA.
The brainiacs who cracked WPA, Erik Tews and Martin Beck, from the Technical University of Darmstadt, Germany, didn’t stop with simply sharing the results of their research with other security experts. They also designed a hacking tool that implements their research. This means that any Johnny Wannabeahacker can download the tool and start attacking your network. While that may sound scary, it is not, in and of itself, a bad thing, because the more people know about weaknesses in WPA, the more they can start to secure their networks.
While WPA can sort of be bandaged up to be a little bit more secure, the best thing to do is to move to the newer WPA2 protocol. WPA2 is infinitely more secure than WPA, and has been required in certified wi-fi equipment sold since March, 2006. To date, there are no known security holes in WPA2. Some older equipment can be upgraded to use WPA2, some cannot. I was glad to learn that my Netgear wi-fi access point could be upgraded to use WPA2; all I had to do was download and install what’s known as a “firmware” upgrade. For some folks, though, upgrading to WPA2 will mean scrapping their old, out-dated wireless routers and cards and buying new equipment. Such is the case for my beloved SMC high power wi-fi laptop card. It was great in its day, but will have to be replaced.
This is the reality of computers and their associated components: computers are not an investment; they are an expense. New equipment comes along; old equipment goes in the scrap pile. Begin now with your plans for upgrading your wi-fi network to WPA2. You have been warned.