Slashdot Mirror


Wi-Fi WPA2 Vulnerability Found

BobB-nw sends along news based on yet another press release in advance of the Black Hat conference: a claimed vulnerability in WPA2 Enterprise that leaves traffic open to a malicious insider. "...wireless security researchers say they have uncovered a vulnerability in the WPA2 security protocol, which is the strongest form of Wi-Fi encryption and authentication currently standardized and available. Malicious insiders can exploit the vulnerability, named 'Hole 196' by the researcher who discovered it at wireless security company AirTight Networks. The moniker refers to the page of the IEEE 802.11 Standard (Revision, 2007) on which the vulnerability is buried. Hole 196 lends itself to man-in-the-middle-style exploits, whereby an internal, authorized Wi-Fi user can decrypt, over the air, the private data of others, inject malicious traffic into the network, and compromise other authorized devices using open source software, according to AirTight. 'There's nothing in the standard to upgrade to in order to patch or fix the hole,' says Kaustubh Phanse, AirTight's wireless architect who describes Hole 196 as a 'zero-day vulnerability that creates a window of opportunity' for exploitation." Wi-Fi Net News has some more detail and speculation.


  1. so, not a hole by Bizzeh · · Score: 2, Insightful

    so rather than a hole, it's more a forced proxy? a user who knows your password is decrypting your traffic, and re-broadcasting it with different content... if this user has your password, you need to have a think about who you give your password to

    1. Re:so, not a hole by Iwanowitch · · Score: 5, Insightful

      Unless the wifi network is at a Starbucks, a university or a corporation.

      That creepy guy sitting two tables from you at the coffee shop? He can now read your e-mail.

      --
      One CS student VS 893 DOS games: Let's play oldies
    2. Re:so, not a hole by Culture20 · · Score: 4, Insightful

      That creepy guy sitting two tables from you at the coffee shop? He can now read your e-mail.

      How's he do that? Am I relying on WPA2 as my only encryption across the 'net?

    3. Re:so, not a hole by Anonymous Coward · · Score: 2, Insightful

      Not through my SSL or VPN connection, he can't.

    4. Re:so, not a hole by fwr · · Score: 5, Interesting

      Sigh. Understand the protocol before commenting, or at least RTFA. There IS an individual key per user. But, there is also a shared key used for broadcast traffic. The problem is that the shared key is not authenticated, so a user who knows the shared key (i.e., anyone with access to the wireless network), can use the shared key to spoof the AP and send messages to other users, and force them to give up or change their unique per-user keys. A "fix" would be getting rid of the shared key for broadcast, but that would require the AP to send a separate "broadcast" packet to each user individually, using their unique per-user key, instead of just one packet.

    5. Re:so, not a hole by jijacob · · Score: 4, Insightful

      ssh -D is just a terminal away.

    6. Re:so, not a hole by Anonymous Coward · · Score: 2, Funny

      Creepy guy? Wow, you sound like an ignorant female. Laughing aloud.

    7. Re:so, not a hole by MagicM · · Score: 2, Insightful

      can use the shared key to spoof the AP and send messages to other users, and force them to give up or change their unique per-user keys

      I haven't read the spec, but it seems odd that per-user keys would be given up or changed in response to a broadcast message. Could this attack be mitigated by only performing these kinds of actions in response to direct, non-broadcast messages?
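A small Python model of the point fwr and MagicM are discussing (an added example, not from the article or any commenter): each station gets its own pairwise key while one group key is shared by all, and HMAC-SHA256 stands in for the CCMP MIC. The frame layout, station names and the "KEYOP" tag are constructed for illustration; it shows why a group-keyed frame carries no proof of who sent it, and the receiver-side rule MagicM suggests.

```python
import hashlib
import hmac
import os

AP = b"ap"
BROADCAST = b"ff:ff:ff:ff:ff:ff"


def _tag(key, src, dst, payload):
    # HMAC-SHA256 stands in for the CCMP MIC; the model only cares who holds the key.
    return hmac.new(key, b"|".join((src, dst, payload)), hashlib.sha256).digest()


def protect(key, src, dst, payload):
    """Build a frame (src, dst, payload, mic) integrity-protected under key."""
    return (src, dst, payload, _tag(key, src, dst, payload))


def verify(key, frame):
    src, dst, payload, mic = frame
    return hmac.compare_digest(mic, _tag(key, src, dst, payload))


def setup_keys(stations):
    """AP hands each station its own PTK and one GTK shared by everyone (random, constructed)."""
    return {s: os.urandom(32) for s in stations}, os.urandom(32)


def station_accepts(frame, my_ptk, gtk, key_ops_unicast_only=False):
    """Receiver check: group-addressed frames verify under the GTK, unicast under the PTK.
    With key_ops_unicast_only, a payload tagged b'KEYOP' is refused on the group path,
    so such messages are only honoured when they arrive under the pairwise key."""
    src, dst, payload, _ = frame
    if dst == BROADCAST:
        if key_ops_unicast_only and payload.startswith(b"KEYOP"):
            return False
        return verify(gtk, frame)
    return verify(my_ptk, frame)


def demo():
    ptk, gtk = setup_keys([b"alice", b"insider"])
    # Genuine broadcast from the AP: verifies under the GTK, as designed.
    genuine = protect(gtk, AP, BROADCAST, b"DATA:arp-announce")
    # An authorised insider holds the same GTK, so a frame it builds with the AP's
    # address as source is exactly as valid to alice as the AP's own.
    spoofed = protect(gtk, AP, BROADCAST, b"KEYOP:rekey")
    # The insider has no copy of alice's PTK, so a unicast impersonation fails.
    spoofed_unicast = protect(ptk[b"insider"], AP, b"alice", b"KEYOP:rekey")
    return (
        station_accepts(genuine, ptk[b"alice"], gtk),          # True
        station_accepts(spoofed, ptk[b"alice"], gtk),          # True: this is Hole 196
        station_accepts(spoofed_unicast, ptk[b"alice"], gtk),  # False
        station_accepts(spoofed, ptk[b"alice"], gtk, True),    # False under the mitigation
    )


if __name__ == "__main__":
    print(demo())
```

The model covers integrity only; in real 802.11i the group key also encrypts, which changes nothing about who can produce a valid group-addressed frame.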

    8. Re:so, not a hole by bitslinger_42 · · Score: 2, Interesting

      The real fix would be to get users to realize that there's no such thing as a secret when you're yelling loud enough that people half a block away can hear you. Even if you're talking in code, chances are, if someone really wants to screw with you, they'll figure out how.

      Wireless networking is a convenience, and at Layer 2, there probably isn't much that can be done to secure traffic. If you want secure, either use your own encryption (IPSEC, SSL/TLS, SSH, etc.) or use a wire.

    9. Re:so, not a hole by squiggleslash · · Score: 4, Interesting

      In my experience, the most popular email system out there is Yahoo! Mail, and the web interface doesn't do any encryption except for the logging in process.

      Frankly though, email should generally be considered insecure anyway. It's usually transmitted, somewhere along the chain, in plain-text, and you only have (limited) control over your own connection, not the connection of the party you're communicating with. The pseudo-elitists posting here claiming that they're OK because, unlike the great unwashed, they use HTTPS when they connect to their web mail, are fooling themselves.

      --
      You are not alone. This is not normal. None of this is normal.
    10. Re:so, not a hole by Nyder · · Score: 5, Insightful

      Unless the wifi network is at a Starbucks, a university or a corporation.

      That creepy guy sitting two tables from you at the coffee shop? He can now read your e-mail.

      No, the creepy guy sitting 2 tables from you? He's just viewing porn.

      See that nice dressed business woman? She's stealing your data.

      --
      Be seeing you...
    11. Re:so, not a hole by zippthorne · · Score: 4, Interesting

      So.. it's the same as the wired ethernet, then? Except that instead of just plugging in a wire and sniffing away, it takes a small amount of effort?

      I guess "WiFi is slightly safer than wired networks, when it comes to malicious peers" isn't quite as attention grabbing a headline.

      --
      Can you be Even More Awesome?!
    12. Re:so, not a hole by mr+exploiter · · Score: 2, Insightful

      Am I the only one who thought that WPA didn't protect against what this "attack" is doing? I'm not convinced either that this is a real vulnerability.

    13. Re:so, not a hole by Your.Master · · Score: 2, Insightful

      Pedestrians should look both ways before they cross the road and observe the local traffic laws and customs. That's taking an active interest in your own personal security. But also, vehicle operators should be wary of pedestrians and certainly try not to run them over, even if they don't look both ways.

      The problem here isn't that we shouldn't strive to educate users. The problem is that the user being poorly educated in these matters isn't an excuse for running somebody over.

    14. Re:so, not a hole by hitmark · · Score: 3, Insightful

      depends on how diligently one checks the certificates.

      --
      comment first, facts later. http://chem.tufts.edu/AnswersInScience/RelativityofWrong.htm
    15. Re:so, not a hole by silverdr · · Score: 2, Interesting

      > That creepy guy sitting two tables from you at the coffee shop? He can now read your e-mail.

      Can he?

      Ah - you wrote "_your_ e-mail", right? I am pretty sure he can't do much of reading of _my_ e-mail based on this particular exploit.

      And if _you_ rely on WPA (or whatever) within your (W)LAN to protect you from unauthorised reading of your e-mail, then you should really reconsider your approach to data security.

      --
      Now, mod me down freely. My karma can't get any worse...
    16. Re:so, not a hole by Anne+Thwacks · · Score: 3, Insightful

      you'll be quite famous.

      or assassinated

      --
      Sent from my ASR33 using ASCII
    17. Re:so, not a hole by amorsen · · Score: 3, Informative

      Do not rely on switches for security within a particular VLAN, unless you go high-end and really know what you are doing. There are a million ways to beat switch "security", including MAC spoofing, forcing the switch to flood traffic, fake DHCP, fake ARP, fake RA or ND (on IPv6). Each of those attacks can be stopped by a sufficiently clever and well-configured switch, although right now it is difficult to find one that can do RA and ND protection.

      --
      Finally! A year of moderation! Ready for 2019?
    18. Re:so, not a hole by nstlgc · · Score: 4, Funny

      No, the creepy guy sitting 2 tables from you? He's viewing *your* porn.

      --
      I'm Rocco. I'm the +5 Funny man.
    19. Re:so, not a hole by RAMMS+EIN · · Score: 2, Insightful

      Correct. I have actually worked at organizations where they used a certificate signed by their own certificate whenever you accessed something over HTTPS. And since they had added their certificate to the trusted list in Internet Explorer, very few people actually noticed. I did not access my e-mail or enter any passwords not already known to those organizations over those links.

      --
      Please correct me if I got my facts wrong.
    20. Re:so, not a hole by eulernet · · Score: 2, Funny

      See that nice dressed business woman? She's stealing your data.

      You are wrong, they mention man-in-the-middle-style, not woman-in-the-middle-style.

  2. Re:WTF by Anonymous Coward · · Score: 2, Funny

    You have an awfully low UID for such a huge troll!

  3. Not that big a deal... by Denis+Lemire · · Score: 4, Insightful

    This vulnerability is only useful if the attacker knows your WPA key. In other related news, it has been discovered that those who know your root password can delete all your files.

    1. Re:Not that big a deal... by tagno25 · · Score: 2, Interesting

      This vulnerability is only useful if the attacker knows your WPA key.

      This is for WPA2-EAP (may or may not cover WPA2-PSK). So they need a valid username and password, not just a key.

    2. Re:Not that big a deal... by maximander · · Score: 5, Interesting

      When I give someone my root password, I assume they can delete all my files.
      When I give them a limited shell account and set permissions correctly, I don't make that assumption.

      This exploit is more like the latter than the former: WPA was supposed to keep traffic of each individual user safe, and now it doesn't.

    3. Re:Not that big a deal... by Denis+Lemire · · Score: 5, Insightful

      M'eh, if you have anything sensitive that you're sending over the network it should be sent securely, period. i.e. via SSH, HTTPS, etc... Otherwise, you're just doing it wrong.

      Having an additional layer like WPA provided is indeed a nice thing, but this being compromised isn't the end of the world. I'd be far more concerned if there was a vulnerability that allowed someone to bypass WPA all together and connect to a network in which he or she isn't authorized.

      The encryption of the traffic itself really isn't that much of a selling point when it'll continue across the wired network in the clear once it hits the router or switch upstream. Encryption that isn't end-to-end really isn't worth the time spent talking about it.

    4. Re:Not that big a deal... by Shadyman · · Score: 2, Insightful

      "When I give them a limited shell account and set permissions correctly, I don't make that assumption."

      Isn't the idea to always expect the worst? I'd tend to assume that if I give anyone any access at all, that they will find a way to break it.

    5. Re:Not that big a deal... by yuhong · · Score: 5, Insightful

      Yep, WEP stood for Wired Equivalent Privacy, which was all it and WPA(2) was intended to provide, nothing more.

    6. Re:Not that big a deal... by John+Hasler · · Score: 3, Insightful

      It's "Wired Equivalent Privacy" only if your idea of "wired privacy" involves dangling a cable out the window down into the alley behind the building.

      --
      Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
    7. Re:Not that big a deal... by blacklint · · Score: 4, Interesting

      It used to be that an enterprise WPA2 network had a similar level of privacy to a switched wired network, where individual users couldn't see each other's traffic. Now it is equivalent to a network with hubs, allowing connected users to see each other's traffic.

    8. Re:Not that big a deal... by amorsen · · Score: 2, Interesting

      Actually it seems that WPA2 enterprise is exactly like a switched wired network. The casual users can't see each other's traffic, but the knowledgeable can see everything. Unless there's an ubergeek doing the switch administration (which generally doesn't happen outside academia) and the switch is really good (which is rarely the case in academia).

      --
      Finally! A year of moderation! Ready for 2019?
  4. Yawn by Jeffrey+Baker · · Score: 2, Insightful

    In other news, people on your wired ethernet segment can also see your "private" traffic. If you care so much, use SSL. Next scaremongering non-story in 3, 2, 1.

  5. Michael Jackson said it best by CaptSaltyJack · · Score: 5, Funny

    "I'm starting with the man in the middle
    I'm asking him to change his ways
    Every packet is encrypted just a little
    If you wanna make your network a safer place
    Find the man in the middle and punch his face."

  6. Re:I don't understand how it could be possible... by fwr · · Score: 2, Interesting

    There is an out-of-band key exchange. It is called a trusted certificate. You know, just like how HTTPS works. This is for WPA2 Enterprise, of which there are many different EAP methods possible, but for which most do include an out of band key exchange (i.e., certificates, or EAP-FAST PAK). In any case, there's also the old DH key exchange, which worked fine for IPsec for years.

  7. Re:WTF by mortonda · · Score: 3, Funny

    nah, things went downhill about the 50k mark... ;)

  8. VPN by Jaime2 · · Score: 5, Insightful

    I've been telling people to use VPN over WiFi connections forever. Even better, put your wireless devices on the outside of the firewall, so they have no choice but to VPN in. This also makes giving a random guest access to your wireless no big deal. Anyone who thinks wireless networking will ever be safer than an old-fashioned hub is deluding themselves.

  9. Re:WTF by Eivind+Eklund · · Score: 5, Funny

    I'd say more around the 5170-mark, myself.

    --
    Doubting the existence of evolution is like doubting the existence of China: It just shows that you're uninformed.
  10. Re:WTF by Tumbleweed · · Score: 3, Interesting

    nah, things went downhill about the 50k mark... ;)

    Not really. Things went downhill much sooner than that. I'd have a much lower UID than I have if I had seen the need for it, but the 'first poster' morons, etc., weren't around much yet, and there wasn't much value to HAVING a Slashdot account until some time after the account system was first implemented.

  11. Not normally by Sycraft-fu · · Score: 2, Insightful

    The whole point of a switch is that it sends data only to the host that it is for. So you don't get my data out your switch port. If you clone a MAC, that doesn't do the trick as it just confuses the switch and some data goes to one computer, some to the other, and the connection works poorly. Back in the day you could overload the switches in various ways and make them act like hubs, but that is also noticeable, and it doesn't work on new high quality switches.

    Wired networks are actually pretty secure from snooping overall. It's not impossible, but it is damn hard.

  12. Fire the consultant by VortexCortex · · Score: 2, Insightful

    Statements like, "I could break any WiFi in about two hours," are red flags that you should hire a different security researcher...

    The terms "any", "ever" or "all" are not in most security researchers' vocabularies when talking about unknowns or speculative situations. We prefer to use terms that imply some degree of uncertainty such as "mostly", "almost never", and "nearly all" since the one thing we know as security researchers is "trust no one", followed closely by "there is almost always an exception to the rule".

    I'm certain that there is at least one "WiFi" your researcher could not break in approximately two hours, thus voiding the "any" term they used.

    When in doubt just say, "Prove It."

  13. No need to worry... by fph+il+quozientatore · · Score: 2, Funny

    ...I'm using WEP, so I am perfectly safe!

    --
    My first program:

    Hell Segmentation fault

  14. Re:Discrepancy: Theory vs. Practice by ledow · · Score: 3, Insightful

    Because in practice, making sure that there is absolutely no hint of a secure piece of information is incredibly tricky. Most programmers traditionally have little concept of actual *secure* programming. Most implementations of perfectly secure algorithms are subject to flaws because people didn't treat side-cases, or properly analyse how the traffic use would affect the algorithm, etc. e.g. not renegotiating keys often enough, so that people can see enough traffic to decrypt a key in a relatively short space of time.

    Additionally, this isn't an attack on the crypto. The crypto secures the conversation, it does not necessarily prove identity and if it does prove identity most places don't care about the identity (how many companies distinguish individual users/computers over the wireless network by anything other than MAC/IP/username given?). AES is still 100% perfectly intact. If you'd been using, say, OpenVPN or OpenSSH with the same algorithm over an unsecured wireless network, the internal encrypted conversation would still be virtually as secure today as it was when AES was invented. The problem is that the *implementation* of AES wasn't designed to cover the usage scenario here, and probably never could be because of the way the access to this particular tiny piece of this part of the broadcast specification is granted. Basically, the flaw has always been sitting there in WPA, not in AES which is still chugging along nicely doing its job. Shocking that a wireless "encryption" fails to properly implement a security scheme because of a bad implementation that side-steps the actual encryption itself... that's never ever happened before ever anywhere :-P

    Moral of the story: only trust crypto from those well-established in the crypto-field that's been attacked and attacked and still is approved for government/military use in lots of sensible countries. And then make sure you have a damn good implementation that's not overly complex, or cast in stone, such that most people can't examine it / play with it / fix it.

    If you'd been running OpenVPN over the same wireless network, but using OpenVPN's key infrastructure and encryption instead of WPA or WEP or anything at all (i.e. completely "open" wireless) you would still be secure. A bad implementation of a particular encryption in WPA allows people to bypass steps of the actual encryption process that were never designed to be bypassed. It's almost an "out of band" security vulnerability - i.e. nothing to do with whether you use AES or Blowfish or 3DES or whatever you choose... they basically find a way around the (still theoretically secure) encryption that has no effect on the efficacy of the encryption itself.

    Basic rule: Just because your "Ethernet-over-the-mains" device says it uses AES, don't think that means it's "secure". Chances are that it's not.