| Hole 192 in WPA2 Security Protocol |
 |
 |
 |
| Wednesday, 28 July 2010 19:19 | |
|
Wireless security researchers say they have uncovered a vulnerability in the WPA2 security protocol, which is the strongest form of Wi-Fi encryption and authentication currently standardized and available. Allows an authorized user to spoof packets on the network and thereby perform man-in-the-middle attacks, impersonating other users and injecting data into packets. Complete details of the attack, designated "Hole 196" by Ahmad, aren't yet available, but it may be limited to the WPA2-EAP standard. It may not affect the WPA2-PSK used on smaller, unmanaged access points like home routers.
WPA2 uses two types of packets, PTK (Pairwise Transient Keys) and GTK (Group Temporal Keys). The former are used by clients for protecting unicast traffic and the latter for broadcast traffic. GTKs cannot detect address spoofing and data forgery. If a client forges a GTK broadcast packet other clients will respond with their own MAC address and private key information. Ahmad claims that this behavior is to spec (page 196 of the IEEE 802.11 standard, hence "Hole 196") and that there's nothing to fix in the implementation. The only way to protect your network is to monitor all wireless traffic for it. AirTight networks, incidentally, sells Wireless Intrusion Prevention Systems. See more at Network World.
Set as favorite
Bookmark
Email this
Hits: 1818 Comments (0)
 Write comment
|
| Last Updated on Wednesday, 28 July 2010 19:35 |
Subscribe to this comment's feed
