Computer scientists in Japan say they’ve developed a way to break the WPA encryption system used in wireless routers in about one minute.

The attack gives hackers a way to read encrypted traffic sent between computers and certain types of routers that use the WPA (Wi-Fi Protected Access) encryption system. The attack was developed by Toshihiro Ohigashi of Hiroshima University and Masakatu Morii of Kobe University, who plan to discuss further details at a technical conference set for Sept. 25 in Hiroshima.

Last November, security researchers first showed how WPA could be broken, but the Japanese researchers have taken the attack to a new level, according to Dragos Ruiu, organizer of the PacSec security conference where the first WPA hack was demonstrated. “They took this stuff which was fairly theoretical and they’ve made it much more practical,” he said.

They Japanese researchers discuss their attack in a paper presented at the Joint Workshop on Information Security, held in Kaohsiung, Taiwan earlier this month.

The earlier attack, developed by researchers Martin Beck and Erik Tews, worked on a smaller range of WPA devices and took between 12 and 15 minutes to work. Both attacks work only on WPA systems that use the Temporal Key Integrity Protocol (TKIP) algorithm. They do not work on newer WPA 2 devices or on WPA systems that use the stronger Advanced Encryption Standard (AES) algorithm.

The encryption systems used by wireless routers have a long history of security problems. The Wired Equivalent Privacy (WEP) system, introduced in 1997, was cracked just a few years later and is now considered to be completely insecure by security experts.

With the advent of wireless networks and other technologies, we are increasingly exposing our data to the risk of theft and interception by third parties with nothing more than a notebook computer and some freely available tools, which can be acquired online.

Whilst most home users and many organizations are now aware of the security implications of having unsecured private networks, the truth is that not many are aware of the limitations and the vulnerabilities that exist with wireless communications.

Wireless networks using older encryption technology are easily attackable using brute force attack.  By snooping encrypted packets for long enough, potential intruders can extrapolate the encryption key and gain access to the network.

This means the whole network becomes compromised and as a direct result of poor encryption standards, e-mails and other communications can be intercepted with ease.

To secure wireless networks, it is recommended to ensure that more popular and recognized encryption protocols are used and that key strength is strong enough to mitigate the risks of brute force attack.

However, many networks can still be breached so it is important to ensure that networks offer multiple layers of protection.  One way of protecting data, file transfer and VOIP communications that occur on a wireless network is to ensure that third party encryption software is used that effectively ‘double-encrypts’ any sensitive data being broadcasted wirelessly.

This ensures not only that the information is secure, but also reduces the value of data which is sniffed off the air, as it is essentially worthless due to the fact it is encrypted.

Various world governments have started significant research into one-touch hacking tools, which can be utilized on the battlefront.  These tools are being designed to be able to target weaknesses in Wi-Fi networks as well as intercept VoIP communications and satellite relays.

Following recent developments, the United States government has publicized the fact that it is researching such technologies in order to empower and increase the role of the battlefront soldier.  This technology should enable users to exploit weaknesses in security, control power grids and manipulate security systems remotely.

This is of great concern to any organization because this technology is just a showcase of what is actually currently available online.  Things such as packet sniffers, WEP and WPA-PSK key decryptors have been available online from one source or another for years and it is only now that the government is starting to adopt the practices of experienced hackers and adapt them for battlefield use.

The modern organization faces a real threat of digital attack on a daily basis, and with tools on this being developed by the government; one can only imagine what is available to the digital underground.

Traditional security measures in the forms of IDS systems, firewalls and others are no longer adequate when it comes to protecting security.  Organizations need to stop thinking about ‘if’ they are breached, but ‘when’ they will be breached.  By changing company focus from that of prevention to limitation ensures that should the worst-case scenario occur, companies can still minimize risk by ensuring all assets are secure with technologies such as advanced Encryption amongst others.

Gold Lock Enterprise not only serves as a military grade voice encryptor, but actually works to ensure that all file and text communications are also protected from hackers at a level equivalent to that in use by the NSA and worldwide military organizations.

With the recent publications trying to publically denounce the safety of Wi-Fi hotspots, many travelers and business people aren’t actually taking a great deal of notice.

After all, when was the last time the cafe had a notice announcing that the information you transmit may be visible to others?  The truth is, while people are now smarting up to the dangers of using unsecured private networks, they are still placing large amounts of trust in the highly dangerous public Wi-Fi networks.

People are constantly under the assumption that because many of these networks are a ‘paid’ service, that they are secure.  But look at the basic facts.  It is a shared medium.  Airports, coffee shops and shopping malls are rapidly becoming major sources of targets for cyber criminals who only need to sit outside with a laptop and a network card.

However, whilst it is always recommended that sensitive data is never exposed to a non-trusted network, the advent of encryption and virtual private networks now means that companies can afford themselves an extra layer of security.

But, virtual private networks do not mitigate against one of the biggest threats faced by business travelers and individuals – the risk of complete hardware theft or loss, which can cost organizations in excess of $20,000 per system, compared to the relatively small expense of integrating file and disk encryption into their security policies.

These days, many WI-FI networks are being monitored by hackers.  Perhaps the person sitting next to you at the airport is secretly recording every byte you transmit?  Maybe they are going to steal your thumb-drive the next time you are not looking?

The idea that people can live without encryption these days is absurd.  The risks associated such as cyber snooping, and the theft of high value information is great in an age where we are reliant on wireless communications and portable computers.

In today’s world of wireless networks and internet communications, would you be surprised to know that the majority of information you send over the internet is viewable by third parties?
The shocking truth is that many of our activities over the Internet are highly vulnerable to third party man in the middle attacks.

This presents a variety of real and pressing issues for both home users and businesses, which may be conducting business via risky unsecured networks.

A recent study found that many people still think it is safe to access an unencrypted wireless network. With the number of unencrypted networks rising in places such as airports, hotels and cafes there is a misconception that they are secure places to carry out remote working.

This could not be further from the truth due to the way that the HTTP protocol and the internet in general works. Literally, every website you visit will be available to hackers with little equipment other than a laptop and a powerful Wi-Fi receiver. The person sitting next to you may be intercepting everything you read online, the e-mails you send and any communications via instant messenger.

It does not stop there however; unencrypted wireless networks are real gold mines for even novice hackers. If you’re in the business of sending sensitive e-mails at the local cafe, just remember that what is being sent is visible to anyone with the same equipment you have (laptop & computer).

Luckily, information theft is preventable with adequate security policy. One of the best ways to ensure that information is safe is by using virtual private networks to link back to your office and effectively encrypt everything. However, even in some cases, this is not sufficient and as a result some form of encryption is always recommended to ensure that e-mail security and file security is maintained.