Researcher discovers WPA2 security vulnerability

26 July 2010

A senior wireless security researcher at AirTight Networks has uncovered a hack for encrypted wireless networks that does not require an encryption key, one the vendor calls a documented yet little-known vulnerability in WPA2.

The wireless intrusion prevention provider publicized the WPA2 vulnerability late last week and plans to demonstrate the concept at the Black Hat and DEF CON conferences this week in Las Vegas.

AirTight’s Md Sohail Ahmad discovered the WPA2 exploit. The company said the vulnerability is located on the last line of page 196 of the IEEE 802.11 Revised Standard, which prompted the firm to dub it ‘Hole 196’.

Ajay Gupta, writing in his blog for Infosecurity, said that until now, WPA2 security (AES encryption, with 802.1x authentication) was thought to be one of the most secure WiFi security deployments, owing to the strength of WPA2 against brute-force dictionary attacks. The tech lead of engineering for AirTight added that although WPA2 is immune from the TKIP vulnerability affecting WPA configurations, both are susceptible to Hole 196.

“Exploiting the 'Hole 196' vulnerability is simple and easy”, Gupta wrote. “Hence, the vulnerability can lead to practical insider attacks (launched by disgruntled employees or Cyberspies) when compared with the WPA TKIP vulnerability, which was largely of theoretical interest and difficult to exploit for launching any practical attacks.”

According to Ahmad, the Hole 196 vulnerability “allows authorized users to bypass private key encryption and authentication”, making networks particularly vulnerable to insider threats. The WPA2 exploit, claimed AirTight Networks, can be implemented via current open-source software and can only be detected by monitoring over-the-air network traffic.

"Unlike the TJX breach where data was stolen over unsecured WiFi, this finding is concerning because organizations are relying on WPA2 for its strong encryption and authentication”, said Pravin Bhagwat, CTO for AirTight, in a press release statement. “Since there is no fallback in the 802.11 standard to address this hole, AirTight felt it was important to raise awareness around it.”
