WPA2 vulnerability found [telecom]

WPA2 vulnerability found

'Hole 196' means malicious insiders could spoof Wi-Fi packets, compromise WLAN

Wireless Alert By Joanie Wexler, Network World July 23, 2010 12:59 PM ET

Perhaps it was only a matter of time. But wireless security researchers say they have uncovered a vulnerability in the WPA2 security protocol, which is the strongest form of Wi-Fi encryption and authentication currently standardized and available.

Malicious insiders can exploit the vulnerability, named "Hole 196" by the researcher who discovered it at wireless security company AirTight Networks. The moniker refers to the page of the IEEE 802.11 Standard (Revision, 2007) on which the vulnerability is buried.

Hole 196 lends itself to man-in-the-middle-style exploits, whereby an internal, authorized Wi-Fi user can decrypt, over the air, the private data of others, inject malicious traffic into the network and compromise other authorized devices using open source software, according to AirTight.

The researcher who discovered Hole 196, Md Sohail Ahmad, AirTight technology manager, intends to demonstrate it at two conferences taking place in Las Vegas next week: Black Hat Arsenal and DEF CON 18.

The Advanced Encryption Standard (AES) derivative on which WPA2 is based has not been cracked and no brute force is required to exploit the vulnerability, Ahmad says. Rather, a stipulation in the standard that allows all clients to receive broadcast traffic from an access point (AP) using a common shared key creates the vulnerability when an authorized user uses the common key in reverse and sends spoofed packets encrypted using the shared group key.

Ahmad explains it this way:

...


***** Moderator's Note *****

This puts my weekend world on its head. I'm now in danger of having my neighbors on this otherwise-quiet suburban street find out my ultimate secret ...

... that my life really _is_ *that* boring.

This kind of security "exploit" is tailor-made for the ever-shorter news cycle: a flash in the electronic pan perfectly timed to grab the (admittedly minute) imaginations of our nations' "reporters", and just awesome fer-shur as a "tease" for the evening news: a helping hand extended to the lizardlike programming directors of our information-spigot-spinners after Washington's spin-masters have called it quits for the weekend.

News flash: if it's in the docs, it's *NOT* an exploit.

Bill Horne Moderator

Reply to
Monty Solomon
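To make the article's description of the mechanism concrete, here is an added Python simulation (not AirTight's code and not from any post in this thread) of why a frame protected under the shared group key cannot prove who sent it, what the receiver's replay counter does with such a frame, and the packet-number anomaly a passive monitor can use to flag a second transmitter using the AP's address. The cipher stand-in (HMAC in place of AES-CCM), the key, the addresses and the frames are all constructed for the example.

```python
import hmac, hashlib

# Constructed values (not from the article): one group temporal key shared by
# every station in the BSS, as WPA2's GTK is, and the AP's address.
GTK = b"constructed-group-temporal-key-0"
AP_ADDR = "02:00:00:00:00:aa"

def protect(key, src, pn, payload):
    """Stand-in for CCMP group-frame protection (real WPA2 uses AES-CCM).
    The property that matters is identical: any holder of the key can build
    a frame that verifies, so the MIC proves key possession, not sender identity."""
    mic = hmac.new(key, f"{src}|{pn}|".encode() + payload, hashlib.sha256).digest()[:8]
    return {"src": src, "pn": pn, "payload": payload, "mic": mic}

def station_receive(state, frame):
    """802.11i receiver rules for group-addressed frames: valid MIC under the
    GTK and a packet number strictly greater than the last one accepted."""
    expected = protect(GTK, frame["src"], frame["pn"], frame["payload"])["mic"]
    if not hmac.compare_digest(expected, frame["mic"]):
        return "bad_mic"
    if frame["pn"] <= state.get("last_pn", 0):
        return "replay"
    state["last_pn"] = frame["pn"]
    return "accept"

def monitor(frames, jump=1000):
    """Passive WIPS-style heuristic: frames bearing the AP's address should carry
    one smoothly advancing PN. A large forward jump, or a PN that then goes
    backwards, indicates a second radio transmitting under the AP's address."""
    alerts, high = [], None
    for i, f in enumerate(frames):
        if f["src"] != AP_ADDR:
            continue
        if high is not None and (f["pn"] - high > jump or f["pn"] <= high):
            alerts.append((i, f["pn"]))
        high = f["pn"] if high is None else max(high, f["pn"])
    return alerts

def run_scenario():
    """AP sends three group frames, an insider station forges one under the
    AP's address with the GTK it legitimately holds, then the AP sends again."""
    air = [protect(GTK, AP_ADDR, pn, b"ap broadcast") for pn in (1, 2, 3)]
    air.append(protect(GTK, AP_ADDR, 5000, b"forged by insider"))  # the Hole 196 case
    air.append(protect(GTK, AP_ADDR, 4, b"ap broadcast"))  # genuine frame, now behind
    victim = {}
    verdicts = [station_receive(victim, f) for f in air]
    return verdicts, monitor(air)

if __name__ == "__main__":
    print(run_scenario())
```

The victim accepts the forged frame because the MIC verifies and its PN is fresh, and then drops the AP's next genuine broadcast as a replay; that dropped-genuine-frame pattern and the PN jump are what the monitor reports.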

In our household we have 4 users and their friends using from 4 to 8 computers online. We use WEP encryption because it's the one which is most understood by the majority of wireless cards. I know I've just committed a blasphemy or something, but I monitor the connections and I have never seen anyone pirate our wireless, or even attempt to do so. And our household is in a neighborhood full of wireless users. There must be 8 or 10 routers visible at any given time, and who knows how many that aren't broadcasting.

I do understand the worries about the WPA2 encryption problem. We don't have much that anybody wants. If we operated a multi-billion dollar company or an important government agency I'm sure that this is extremely important news.

***** Moderator's Note *****

David,

If you operated an important government agency or a multi-billion dollar company, I'm sure this would be extremely *OLD* news. Everyone in the industry knows that wireless security is flawed: like the long lines at airport "security" checkpoints, it's a compromise designed to reassure the buying public that they can spend their dollars online. What annoyed me was the timing of the announcement: a blatant PR ploy to fill the empty seconds between commercials on your local TV station's "news" broadcast.

If you use _any_ wireless connection for non-trivial purposes, connect via a well-tested VPN.

Bill Horne Moderator

Reply to
David Kaye

Ah, but there are lots of people who subscribe to WISPs - could they not (theoretically) snoop each other's web traffic?

While I'm near the subject, something I've wondered since I got my iPhone: How secure is my login information if I use my iPhone's 3G connection to log into a bank account?

Reply to
Randall

Pirating your wireless is the lesser issue. Somebody snooping into your internal communications is something you don't notice (can't notice) and is the issue that you should be concerned about.

Greetings Marc

--
-------------------------------------- !! No courtesy copies, please !! -----
Marc Haber        | " Questions are the           | Email address in header
Mannheim, Germany |   Beginning of Wisdom "       |
by Nature         | Lt. Worf, TNG "Rightful Heir" | Fon: *49 621 72739834

Reply to
Marc Haber

This is true. But what's a person going to do? Given enough time to crack, no wireless is totally secure. For that matter, no EMF is totally secure. I once read that intelligence agencies can intercept room sounds by bouncing lasers off the windows, since windows bend ever so slightly to sound waves.

Reply to
David Kaye

On Mon, 26 Jul 2010 07:02:42 -0400, Randall wrote: ..........

As secure as any other HTTPS connection on any other medium.

-- Regards, David.

David Clayton Melbourne, Victoria, Australia. Knowledge is a measure of how many answers you have, intelligence is a measure of how many questions you have.

Reply to
David Clayton

Here's another one --

Consider a microwave cavity with 5 rigid sides whose 6th side is a metalized membrane. Cavities resonate at a given frequency, and when sound impinges the membrane the cavity's resonant frequency is modulated. If the cavity is a part of a transmitter which is powered by DC rectified from a local AM radio station's signal and the assembly is placed in a brick which is then used in the construction of, say, a building, one has a self-powered spying device. This device really works -- I used to work for the GTE Electronics Defense Labs in Mountain View CA (formerly it was Sylvania Electronic Systems - West) designing and building microwave solid state devices back in the 1960s. The stories I could tell ...

:-)

***** Moderator's Note *****

One of the Soviet's greatest intelligence triumphs during the cold war was their placement of a listening device in the American Ambassador's office in the American embassy at Moscow.

It was a passive device, not requiring any power: they constructed a very pretty copy of the American State Department seal, and placed a microwave cavity inside it, hoping (as turned out to be the case) that it would be placed in an important and secret room once presented to the Ambassador. The Soviets then "powered" the cavity by beaming a microwave transmitter through the wall into the cavity, and recovered the signal with a receiver on the same path. The voices in the room caused the cavity to vibrate, thus amplitude modulating the received signal because the sound pressure waves de-tuned the cavity.

Bill Horne Moderator

Reply to
Thad Floryan

Use a "good" WPA2 key, and change it from time to time.

Greetings Marc


Reply to
Marc Haber

One correction: it was in the Residence, Spaso House, not his office at the Embassy. Look for "Little Gem"...

Reply to
David Lesher
