Sunday 12 October 2008, 9:33 PM
Wi-Fi Security Is No Longer Secure
A Russian firm’s use of the latest nVidia graphics cards to accelerate Wi-Fi ‘password recovery’ times by up to an astonishing 10,000% proves that Wi-Fi’s WPA and WPA2 encryption systems are no longer enough to protect wireless data.
This breakthrough in brute force decryption of Wi-Fi signals by Elcomsoft confirms observations that firms can no longer rely on standards-based security to protect their data. As a result, companies using Wi-Fi in their offices may want to cross their fingers. Alternatively, you may want to think of moving on up to a VPN encryption system as well.
Brute force decryption of the WPA and WPA2 systems using parallel processing has been on the theoretical possibilities horizon for some time - and presumably employed by relevant government agencies in extreme situations - but the use of the latest nVidia cards to speed up decryption on a standard PC is extremely worrying, even if totally fascinating. The acceleration technology offloads parts of the computationally heavy processing onto the fast and highly scalable processors featured in nVidia’s latest graphics accelerators.
As companies can no longer view standards-based Wi-Fi transmission as sufficiently secure against eavesdropping to be used with impunity, the use of VPNs is arguably now mandatory for companies wanting to comply with the Data Protection Act. This is an interesting step in the evolution of Wi-Fi security, as it may actually trigger a move back to hard-wired connections in institutions that are concerned about data privacy. I told you so!
The big question, of course, is what happens when hackers secure a pecuniary advantage by gaining access to company data flowing across a WPA or WPA2-encrypted wireless connection. Will the Information Commissioner take action against the company concerned for an effective breach of the Data Protection Act?
Comments on this post
The acceleration of password recovery times is impressive. However, I don't agree with your conclusion that WPA and WPA2 encryption systems are no longer enough to protect wireless data.
First off, if we assume that passwords are made up using a character set containing about 95 characters, by adding one additional character to a passphrase, it becomes about 95 times harder to recover. You can potentially undo the effects of the password recovery acceleration by adding a couple of characters to a passphrase. Since the beginning of WPA/WPA2 it has been recognized that weak passphrases are susceptible to attack (http://www.wifinetnews.com/archives/002452.html). How long are the passphrases that Elcomsoft has been able to break? Based on the information you provided I don't think they can break a long, 25 character strong passphrase. On a small network it is certainly easier to have a long passphrase than it is to deploy a VPN.
Secondly, WPA/WPA2 has an enterprise mode that typically relies on the same type of certificate authentication that is used by VPNs. The enterprise mode requires the use of a RADIUS server. Deploying a RADIUS server can be a lot less expensive than moving to a VPN encryption system. For instance, the easy to use RADIUS server at http://home.comcast.net/~dzick is free!
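The passphrase-length argument in the comment above can be checked numerically. The following is an added example, not part of the original post or comment: it derives a WPA/WPA2-Personal key the standard way (PBKDF2-HMAC-SHA1, SSID as salt, 4096 iterations) and computes how many extra random characters cancel a given speedup. Reading "10,000%" as a 100x factor and the baseline guess rate are assumptions made for illustration.

```python
import hashlib

CHARSET = 95                      # printable ASCII, the figure used in the comment
SECONDS_PER_YEAR = 365 * 24 * 3600


def wpa_psk(passphrase: str, ssid: str) -> bytes:
    """Derive the 256-bit pre-shared key used by WPA/WPA2-Personal.

    Every passphrase guess costs an attacker one full run of this function,
    which is why the per-guess work (4096 HMAC-SHA1 rounds) matters.
    """
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrases are 8 to 63 characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def extra_chars_to_offset(speedup: int, charset: int = CHARSET) -> int:
    """Smallest number of added random characters whose keyspace growth
    (charset ** k) is at least the attacker's speedup factor."""
    k, growth = 0, 1
    while growth < speedup:
        growth *= charset
        k += 1
    return k


def years_to_exhaust(length: int, guesses_per_sec: float, charset: int = CHARSET) -> float:
    """Time to try every random passphrase of the given length, in years."""
    return charset ** length / guesses_per_sec / SECONDS_PER_YEAR


if __name__ == "__main__":
    speedup = 100        # assumption: "10,000%" read as a 100x acceleration
    baseline = 1_000.0   # constructed guesses/sec for an unaccelerated PC
    print("extra characters needed:", extra_chars_to_offset(speedup))
    for n in (8, 10, 12, 25):
        before = years_to_exhaust(n, baseline)
        after = years_to_exhaust(n, baseline * speedup)
        print(f"{n:2d} chars: {before:.3g} years -> {after:.3g} years accelerated")
    print("PSK for constructed sample:", wpa_psk("password", "IEEE").hex())
```

The figures only hold for passphrases chosen uniformly at random from the 95-character set; dictionary words and predictable patterns shrink the effective search space far below `95 ** length`.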


