[I]t’s a method of decrypting and arbitrarily and successfully re-encrypting and re-injecting short packets on networks that have devices using TKIP. That’s a very critical distinction; this is a serious attack, and the first real flaw in TKIP that’s been found and exploited. But it’s still a subset of a true key crack.

Tews pointed out that “if you used security features just for preventing other people from using your bandwidth, you are perfectly safe,” which is the case for most home users. Someone can’t use this attack to break into a home or corporate network, nor decipher all the data that passes.

While this first crack of WPA allows attackers to, “slip a knife into a crack in the encryption scheme and send bogus data,” that crack will widen over time. Good to know that WPA2’s AES encryption is not susceptible.

[Via Daring Fireball]