They always knew it could be done; that a hacker with enough time and processing power could watch your WPA-protected wireless network and, eventually, decrypt your precious datas. In under 15 minutes, though? "Inconceivable!" those hypothetical security experts would say -- but they're about to get a lesson from WiFi wizard Erik Tews. He'll be giving a presentation next week at the PacSec Conference in Tokyo, describing the "mathematical breakthrough" that, he says, enables him to crack WPA-TKIP in 12 to 15 minutes. There are some limitations, as the data sent from a connected device to the compromised router is apparently still safe, but anything headed t'other way is wide open, and could even be supplanted by bogus bits sent from a Cheetos-munching hacker slouching in a rusty Ford Taurus in the parking lot. Don't believe us? Tews was the guy able to crack WEP in under a minute last year, ironically advising people to switch to WPA ASAP at the time. We can only assume WPA2 is next.

Elcomsoft has been using NVIDIA's CUDA GPU computing architecture to accelerate its Distributed Password Recovery tool for a while now, but it looks like the latest version of the cracking utility takes it to the next level -- it can break a WPA2 password using two GeForce GTX 280-based boards 100 times faster than with just a CPU. It's still a brute-force crack, but only a few packets need be sniffed, and the GPU accelerates the algorithm used to generate keys significantly -- even laptop-grade 8800M and 9800M GPUs speed things up 10 to 15 times. We wouldn't worry too much about wardrivers with trunk-mounted bladeservers going nuts, however -- the base version of the software costs $599, and things ramp up to $5,000 pretty quickly.

[Via HotHardware]

We hate to be bearers of bad news, but it looks like those of you squeaking by on a WEP-protected or unprotected wireless router have yet another reason to undertake the difficult task of selecting "WPA" on that router admin screen. A team of researchers at Indiana University have published a paper on how easily malware could spread through a densely populated area, with unprotected routers providing zero resistance, and WEP moderately more, while WPA proved generally unhackable. The spread of the malware was alarmingly similar to a biological virus, and while no such router "WiFi flu" has yet been developed by nefarious types, it's probably only a matter of time before something of its ilk takes a city by storm. In test attacks, after the initial infection phase, 10-55 percent of the routers were infected. We can do better, people. Oh, and to the guy upstairs: thanks for all the WiFi these years, those torrents will probably never be traced back to you, so don't worry.

Last fall, NEC took its WARPSTAR lineup into the realm of draft-N with the Aterm WR8200N, and thanks to all this Draft 2.0 hubbub that's going around, apparently it figured now would be a good time to hop on the next bandwagon. The Aterm WR8400N four-port router and Aterm WL300NC PCMCIA card both tout theoretical transfer rates of around 300Mbps, are backwards compatible with 802.11a/b/g devices, support "Multi SSID" / WEP / WAP protocols, and can automatically detect and connect to signals in both the 2.4GHz and 5GHz bands. No word just yet on price nor availability, but we're sure it'll get lost in the crowd of similar alternatives before too long anyway.

[Via Impress]

It's no secret that WEP isn't quite the cat's pajamas anymore when it comes to WiFi security, but the aging protocol is still used in a good many networks -- 59% in a recent survey of a large German city -- and has just been hacked beyond repair by a few security analysts. Back in 2001 when WEP was originally hacked, it took around 4 million packets of data to crack a security key. Later hacks have managed to use significantly less packets and hack a system in minutes. However, a recent development by the folks at Darmstadt University of Technology in Germany have managed to extract a 104-bit WEP key in three seconds, using a 1.7GHz Pentium M processor. It takes under a minute to collect the necessary 40,000 - 85,000 packets of data, and the hack could potentially be carried out by a strolling cellphone or PDA user. The obvious move is to switch your network to WPA, but if you've got old school hardware holding you back, there are a few security programs that can foil the attack on WEP -- for now.

For those of you who happen to be in the predicament of owning a svelte hybrid cellular / WiFi phone, yet can't get cellphone service back in the boondocks where you reside, Actiontec is kicking out a range-extending router to help you make and receive calls on your mobile handset via WiFi. Touted as a "world's first," the Wireless FMC Router acts a standard four-port 802.11b/g/n router, supports WPA2 / WEP, and comes with a rather robust firewall to keep your conversations guarded from snoopers. Additionally, it facilitates call switching between the mobile and home WiFi networks as users move in and out of the house, giving you the option to connect via your cellular network or over VoIP with the same handset and same number. Aside from acting as a "middleman between the broadband and cellular networks," it can connect / drop from the WiFi / mobile networks on-the-fly while conversing, and can purportedly support "all major carriers" as well. So if you're thinking of consolidating the amount of phone numbers attached to your name, and don't mind picking up a hybrid handset, this multifaceted router will be able to simplify your conversations for $179.99 when it lands in Q2.

Doing away with the generally well-regarded lifetime subscription was unfortunate albeit bearable, but now TiVo is really pressing its luck. Just in time for folks to slash that pricey Series3 off their holiday wishlist, the widely adored DVR company is not only upping its monthly service rates for new customers and those currently on prepaid plans, but also limiting WPA support to its own TiVo Wireless G Adapter. Just days after teasing high-rollers with its chromed-out $50 "premium remote," TiVo has announced that monthly rates are being raised to $19.95 per month for those in one-year commitments (up from $12.95 monthly), $14.95 per month if you're locked in for 24 months, and $12.95 monthly if you make the huge mistake of signing up for three solid years. For additional units in your crib, the extra $6.95 per month is now up to $13.95, $8.95, or $6.95 depending on your 1/2/3-year commitment. In a move to seemingly further limit your choices (and make things easier on its own tech support personnel), your only option for utilizing WPA on that Series2 / Series3 box is to fork out for TiVo's own 802.11g device. Apparently TiVo either thinks we're all made of money, or there's simply a lack of alternative DVR solutions waiting to take its place on your AV shelf -- both of which are probably incorrect assumptions.

Read - TiVo's wireless adaptor supports WPA [Via Zatz Not Funny]
Read - TiVo's new service rates

Setting up a secure wireless network is no easy task, due in part to the array of confusing, conflicting, and sometimes even downright ineffectual (we're looking at you, WEP) solutions to the problem. Enter the WiFi Alliance's WiFi Protected Setup, or WPS, a program slated for release later this year that aims to ease the process of securing home users' wireless networks and is intended to play nice with any WiFi-enabled consumer electronic device (say, a DAP or a camera), as long as the device passes a mandatory lab test first. Tapping into the home user's "I don't care how it works, as long as it does" mentality, WPS will make secure connections as simple as pushing a button on the WiFi-enabled device and the router that it is connecting to, although a PIN-based method is also part of the specification. The new system is similar to Buffalo Technology's Airstation One-Touch Secure System, however, unlike AOSS, WPS is an entirely non-proprietary specification that will fit right into the heterogeneous world of WiFi. Lets just hope wireless chipset and consumer electronics manufacturers get behind WPS and show some love to the peeps that don't know their WEPs from their wallets.

[Via The Register]

All of the controversy, delays, and performance concerns surrounding the IEEE's notorious pre-802.11n wireless networking spec haven't deterred TRENDnet from being the latest to announce a new family of products based on the non-final version of the MIMO-powered, next-gen WiFi standard. As you'll recall, there's been no small amount of concern that pre-n gear won't play nicely with legacy 802.11a/b/g equipment, which is why TRENDnet goes it out of its way to stress the "good neighbor behavior" exhibited by its WPA and SPI-protected TEW-631BRP router and TEW-621PC PC card -- both of which use Atheros' XSPAN technology to supposedly ensure interoperability in mixed-network environments. TRENDnet promises real-world speeds of between 150Mbps and 180Mbps , which in theory should be enough to stream around a little HD content and download some torrents while you're chatting on your wireless VoIP handset about that great post you're reading on Engadget. Both new products, along with a $150 access point and a $100 PCI adapter, are scheduled to ship on July 25th, with the router priced at $130 and the card going for an even $100.

We sure wish we'd had Linksys' WTR54GS travel router a few months ago at CES, where press room Ethernet connections were few and far between, and the single venue offering free WiFi seemingly devoid of techs to keep the network running. Mobile Tech Today also seems to think that this 802.11b/g router would have served us well, providing both basic SecureEasySetup-compatible WEP and WPA encryption along with more advanced Stateful Packet Inspection (SPI) and browser-based fine tuning options for regulating traffic. With four out five stars from MTT, the only downside to this 5.2-ounce router is its range, due mostly to the internal antenna, but when you're sitting five feet away from it in your hotel room that probably won't matter too much.

Late last year we told you about Westchester County Executive Andy Spano's law, which proposed making it illegal for Westchester County business to have open WiFi. Well, guess what: it passed. Granted, we've learned a few things about this law that makes us a little less sketch; for example, it only applies to WiFi networks of businesses that store customer credit cards or financial information -- or, to a lesser degree, cafes and hotels and the like, which if operating an open WiFi hotspot, must now post signage advising patrons to use a firewall and be wary of their network security. And even when the law goes into effect in six months it'll just be wrist-slaps: a third-offense business risks receiving a paltry $500 fine. Granted, we have no idea how Westchester plans to enforce scofflaw companies who won't change their default SSIDs (how you gonna identify who's got the Linksys?), install firewalls on servers, and implement WEP or WPA crypto, but we will definitely be keeping an eye out for city positions that read something like: "looking for hacker experienced in wardriving and snarfing / must know kismet, snort, nmap, like tools."

[Via Ars Technica]