AirTight Adds Upgrade to SpectraGuard to Protect Against Newly Discovered TKIP WPA Hack

Latest PCI DSS 1.2 Standard Requiring Upgrade to WPA/WPA2 Could Leave Retailers Confused About Next Steps for Wireless Security

Mountain View, Calif. - November 10 2008 - AirTight® Networks, the leading provider of wireless intrusion prevention systems (WIPS) and wireless vulnerability management, today announced an upgrade will be added to its SpectraGuard® Enterprise product to provide WPAGuard^TM - the ability to detect, prevent and locate an attacker using the newly discovered Temporal Key Integrity Protocol (TKIP) vulnerability on Access Points (AP) using Wi-Fi Protected Access (WPA) encryption protocol. Two researchers, Erik Tews and Martin Beck have partially broken the TKIP in less than 15 minutes and will demonstrate this attack at PacSec 2008 in Tokyo this week.

This latest development could lead to new wireless network attacks on those enterprises which have gone only as far as upgrading to WPA instead of WPA2 to remain protected. According to independent security consultant Raul Siles, "This new research opens the door to new WPA(2)/TKIP attacks and future enhancements, so it is time to start applying and planning the appropriate security countermeasures to remove or mitigate this and similar future threats." Siles emphasizes this attack can also work against WPA2 if configured with TKIP because WPA2 allows both, AES and TKIP (while WPA only allows TKIP). Because the vulnerability is in TKIP, both WPA and WPA2 can be affected.

"While the attack appears to have elegantly woven together residual vulnerabilities from WEP and 802.11 QoS features to poke a hole in TKIP, it is an exaggeration to say TKIP is broken. Nonetheless this new discovery does create some cause for concern as so many companies have been migrating to WPA to avoid the security challenges that WEP presented, " said Dr. Hemant Chaskar, director of technology at AirTight. "It reinforces the fact that companies cannot rely on a single point of failure for security in their premises. No matter what infrastructure or encryption method you are using, this latest discovery points out the need for multi-layered protection that includes not only strong encryption and authentication, but also an overlay WIPS."

This newly discovered vulnerability could be of particular significance to the retail community which now must upgrade to WPA to meet the newest PCI DSS 1.2 wireless security standards announced last month by the PCI SSC. The new standards require the replacement of WEP in current installations by mid-2010 and the use of WPA in new installations after June of 2009. But this discovery places the security of the WPA standard in question as well.

Presently, AirTight’s SpectraGuard monitors for the use of TKIP in violation of AES policy and quarantines those clients or access points. AirTight will provide an upgrade to detect, prevent and locate the attacker of the newly discovered TKIP vulnerability. This will prevent such an attack from being successful.

"As AirTight did in 2007 when it included WEPGuard^TM in its product to give its customers a higher level of security until such time as they could upgrade to more secure protocols such as WPA and WPA2, this latest upgrade to SpectraGuard demonstrates once again AirTight's leadership and responsiveness to the needs of its customers in addressing new and emerging threats in a timely manner," continued Chaskar.

AirTight offers a complete wireless intrusion prevention system to help detect, classify, prevent and locate wireless threats. The products can be purchased as a traditional WIPS security or as a hosted wireless vulnerability management. AirTight also offers a wireless planning service to help companies who are planning to deploy wireless in their stores, warehouses, distribution centers, or offices - to ensure adequate coverage and security.

About AirTight Networks
AirTight Networks is a global provider of secure Wi-Fi solutions that combine its patented and industry-leading wireless intrusion prevention system (WIPS) technology with the next generation cloud-managed, controller-less Wi-Fi architecture. This unified approach allows enterprises for the first time to benefit from Wi-Fi access while concurrently protecting their networks 24/7 from wireless threats at no additional cost. AirTight's customers include global enterprises across virtually all industries and range from those who overlay AirTight WIPS^TM on top of other WLAN solutions, to those who leverage the AirTight Cloud Services^TM to rollout and manage AirTight Wi-Fi^TM, WIPS, and regulatory compliance (e.g., PCI) across tens of thousands of locations from a single console. AirTight owns the seminal patents for wireless intrusion prevention technology with 29 U.S. and international patents granted, and more than 20 additional patents pending. For more information, please visit: www.airtightnetworks.com.

Media Contacts:
Della Lowe
AirTight Networks
Tel: +1 (650) 934 8191
della.lowe@airtightnetworks.com