WiFi security is no longer secure

Global Secure Systems, the value-added IT security consultancy, says that a Russian's firm's use of the latest NVidia graphics cards to accelerate WiFi "password recovery" times by up to an astonishing 10,000 per cent proves that WiFi's WPA and WPA2 encryption systems are no longer enough to protect wireless data.

"This breakthrough in brute force decryption of WiFi signals by Elcomsoft confirms our observations that firms can no longer rely on standards-based security to protect their data. As a result, we now advise clients using WiFi in their offices to move on up to a VPN encryption system as well," said David Hobson, GSS' managing director.

"Brute force decryption of the WPA and WPA2 systems using parallel processing has been on the theoretical possibilities horizon for some time - and presumably employed by relevant government agencies in extreme situations - but the use of the latest NVidia cards to speedup decryption on a standard PC is extremely worrying," he added.

According to Hobson, companies can no longer view standards-based WiFi transmission as sufficiently secure against eavesdropping to be used with impunity, so the use of VPNs is arguably now mandatory for companies wanting to comply with the Data Protection Act.

This is, he said, an interesting step in the evolution of WiFi security, as, it may actually trigger a move back to hard-wired connections in financial institutions who are concerned about data privacy.