SOURCE: AirTight Networks, Inc.

November 10, 2008 08:00 ET

AirTight Adds Upgrade to SpectraGuard to Protect Against Newly Discovered TKIP WPA Hack

Latest PCI DSS 1.2 Standard Requiring Upgrade to WPA/WPA2 Could Leave Retailers Confused About Next Steps for Wireless Security

MOUNTAIN VIEW, CA--(Marketwire - November 10, 2008) - AirTight® Networks, the leading provider of wireless intrusion prevention systems (WIPS) and wireless vulnerability management, today announced an upgrade will be added to its SpectraGuard® Enterprise product to provide WPAGuard™ -- the ability to detect, prevent and locate an attacker using the newly discovered Temporal Key Integrity Protocol (TKIP) vulnerability on Access Points (AP) using Wi-Fi Protected Access (WPA) encryption protocol. Two researchers, Erik Tews and Martin Beck have partially broken the TKIP in less than 15 minutes and will demonstrate this attack at PacSec 2008 in Tokyo this week.

This latest development could lead to new wireless network attacks on those enterprises which have gone only as far as upgrading to WPA instead of WPA2 to remain protected. According to independent security consultant Raul Siles, "This new research opens the door to new WPA(2)/TKIP attacks and future enhancements, so it is time to start applying and planning the appropriate security countermeasures to remove or mitigate this and similar future threats." Siles emphasizes this attack can also work against WPA2 if configured with TKIP because WPA2 allows both, AES and TKIP (while WPA only allows TKIP). Because the vulnerability is in TKIP, both WPA and WPA2 can be affected.

"While the attack appears to have elegantly woven together residual vulnerabilities from WEP and 802.11 QoS features to poke a hole in TKIP, it is an exaggeration to say TKIP is broken. Nonetheless this new discovery does create some cause for concern as so many companies have been migrating to WPA to avoid the security challenges that WEP presented," said Dr. Hemant Chaskar, director of technology at AirTight. "It reinforces the fact that companies cannot rely on a single point of failure for security in their premises. No matter what infrastructure or encryption method you are using, this latest discovery points out the need for multi-layered protection that includes not only strong encryption and authentication, but also an overlay WIPS."

This newly discovered vulnerability could be of particular significance to the retail community which now must upgrade to WPA to meet the newest PCI DSS 1.2 wireless security standards announced last month by the PCI SSC. The new standards require the replacement of WEP in current installations by mid-2010 and the use of WPA in new installations after June of 2009. But this discovery places the security of the WPA standard in question as well.

Presently, AirTight's SpectraGuard monitors for the use of TKIP in violation of AES policy and quarantines those clients or access points. AirTight will provide an upgrade to detect, prevent and locate the attacker of the newly discovered TKIP vulnerability. This will prevent such an attack from being successful.

"As AirTight did in 2007 when it included WEPGuard™ in its product to give its customers a higher level of security until such time as they could upgrade to more secure protocols such as WPA and WPA2, this latest upgrade to SpectraGuard demonstrates once again AirTight's leadership and responsiveness to the needs of its customers in addressing new and emerging threats in a timely manner," continued Chaskar.

AirTight offers a complete wireless intrusion prevention system to help detect, classify, prevent and locate wireless threats. The products can be purchased as a traditional WIPS security or as a hosted wireless vulnerability management. AirTight also offers a wireless planning service to help companies who are planning to deploy wireless in their stores, warehouses, distribution centers, or offices -- to ensure adequate coverage and security.

About AirTight Networks

AirTight Networks, the industry standard for wireless vulnerability management, is the only company that offers customers a flexible, end-to-end solution that gives them visibility into their wireless security posture and a choice in how to manage it. AirTight provides full wireless intrusion prevention systems (WIPS) and the world's first on demand wireless vulnerability management service. AirTight's patented technology delivers the key elements of an effective WIPS to eliminate false alarms, block wireless threats immediately and automatically and locate wireless devices and events with pinpoint precision. AirTight's customers include global retail, financial services, corporate, education and government organizations. AirTight Networks is a privately held company based in Mountain View, CA. For more information please visit

AirTight Networks and the AirTight Networks logo are trademarks; AirTight and SpectraGuard are registered trademarks of AirTight Networks, Inc. All other trademarks are the property of their respective owners.

Contact Information