LinkBack URL
About LinkBacks
WPA2 vulnerability found
Read more'Hole 196' means malicious insiders could spoof WI-Fi packets, compromise WLAN
Perhaps it was only a matter of time. But wireless security researchers say they have uncovered a vulnerability in the WPA2 security protocol, which is the strongest form of Wi-Fi encryption and authentication currently standardized and available.
Malicious insiders can exploit the vulnerability, named "Hole 196" by the researcher who discovered it at wireless security company AirTight Networks. The moniker refers to the page of the IEEE 802.11 Standard (Revision, 2007) on which the vulnerability is buried.
Hole 196 lends itself to man-in-the-middle-style exploits, whereby an internal, authorized Wi-Fi user can decrypt, over the air, the private data of others, inject malicious traffic into the network and compromise other authorized devices using open source software, according to AirTight.
The researcher who discovered Hole 196, Md Sohail Ahmad, AirTight technology manager, intends to demonstrate it at two conferences taking place in Las Vegas next week: Black Hat Arsenal and DEF CON 18.
The Advanced Encryption Standard (AES) derivative on which WPA2 is based has not been cracked and no brute force is required to exploit the vulnerability, Ahmad says. Rather, a stipulation in the standard that allows all clients to receive broadcast traffic from an access point (AP) using a common shared key creates the vulnerability when an authorized user uses the common key in reverse and sends spoofed packets encrypted using the shared group key.
What can we do about Hole 196?
"There's nothing in the standard to upgrade to in order to patch or fix the hole," says Kaustubh Phanse, AirTight's wireless architect who describes Hole 196 as a "zero-day vulnerability that creates a window of opportunity" for exploitation.
Via
Results 1 to 5 of 5
Thread: WPA2 vulnerability found
- Moderator
- Join Date
- Dec 2008
- Location
- Italy
- Posts
- 6,895
- Liked
- 1067 times
- Points
- 71,755
WPA2 vulnerability found
Roger and out
- Whiz Kid
- Join Date
- Sep 2008
- Location
- Albania
- Posts
- 1,771
- Liked
- 80 times
- Points
- 20,857
Wireless encryptions have always been easy to crack so this is not a big surprise to me. Thanks for the news leo!! I will keep this in mind in when I'll configure my router. I'm planing to get my own internet connection pretty soon.
Screw Google! Ask me!
- The Specialist *
- Join Date
- May 2010
- Location
- KOLKATA
- Posts
- 5,162
- Liked
- 731 times
- Points
- 47,580
Thanks for the news leo. It's bad now they need to invent some more complex security protocol.
I don't need to know everything, I just need to know where to find it, when I need it.
- Moderator
- Join Date
- May 2010
- Location
- Eire /The Garden of Ireland
- Posts
- 5,486
- Liked
- 1750 times
- Points
- 31,018
Thanks for pointing this new flaw out Leo... i think i will toss the pc out the window..
seriously though it's getting as bad as some of the housing estates in Dublin, nothing is safe.......it seems the only benefits are for security firms selling their wares.....
Stutz Bearcat
- Classic Auto Buff
- Join Date
- Apr 2009
- Location
- United States
- Posts
- 2,039
- Liked
- 179 times
- Points
- 377
Thanks Leo. Good to know!
There may be a bit of snow on the roof, but there is still a fire blazing in the hearth!
Reply With QuoteSimilar Threads
-
Boot Device Not Found
By Swarup in forum HardwareReplies: 5Last Post: 11-22-2009, 08:02 PM -
Found new hardware:PCI Device
By kanka0901 in forum HardwareReplies: 6Last Post: 03-18-2009, 10:08 AM -
I think I Found My Mac
By hellnoire in forum General ForumReplies: 2Last Post: 02-13-2009, 12:46 AM -
A new game was found
By mkhhelen in forum General ForumReplies: 25Last Post: 07-04-2008, 11:48 AM
