So I was reading about the AirMagnet Cisco OTAP vulnerability, which is bad. That one deserves its own blog post. I was then directed (or distracted) to an article suggesting that WPA is completely broken. *gasp*, another wireless “privacy” standard bites the dust. There are already some practical attacks against WPA, including offline dictionary attacks and the Beck-Tews attack, which can recover the WPA key in 12-15 minutes with some limitations (the WLAN must support 802.11e). This new attack by the Japanese researchers Ohigashi and Morii claims that WPA can be broken in 4 minutes. If this attack is legitimate and more than just theory, it would be yet another failed wireless encryption standard.
After some Googling I found the researchers’ paper describing the attack. I have mirrored the paper here. As far as I can tell, this latest WPA attack has not (yet) been turned into a working exploit. I will update this post as I get more information on this new attack.
Update: Dragos Ruiu mentioned the new WPA attack on Daily Dave.