For years, security managers have been frustrated by the continued use of outdated Wi-Fi encryption standards that have been proved to be insecure. Now it appears that standards groups are going to do something about it.
According to a news report by H-Online, the Wi-Fi Alliance -- which tests the interoperability of IEEE wireless LAN products -- has scheduled a phaseout of products that use WEP and TKIP, two encryption standards that have been repeatedly broken by security researchers.
"As early as January of 2011, the WFA plans to disallow TKIP for new access points (APs); from 2012, the obsolete standard is to be disallowed in all Wi-Fi devices," the report states. "For WEP, the bell will toll a little later: From 2013, APs will no longer be allowed to offer WEP, and a year later the standard will be disallowed in all Wi-Fi devices."
In addition, the WPA2-Mixed mode, in which access points are allowed to offer TKIP for secondary encryption, will be removed in 2014, the report says. Only WPA2-AES will be permissible from then on.
Many users believe they can keep their Wi-Fi transmissions safe by using WEP or TKIP -- and because the technologies are often shipped in new products, they have no reason to believe otherwise. Even at the RSA conference earlier this year -- a conference attended primarily by security professionals -- more than 60 percent of Wi-Fi nodes were still using WEP or TKIP.