Slashdot Mirror

← Back to Stories (view on slashdot.org)

Wi-Fi WPA2 Vulnerability Found

Posted by kdawson on from the keep-your-enemies-closer dept.

BobB-nw sends along news based on yet another press release in advance of the Black Hat conference: a claimed vulnerability in WPA2 Enterprise that leaves traffic open to a malicious insider. "...wireless security researchers say they have uncovered a vulnerability in the WPA2 security protocol, which is the strongest form of Wi-Fi encryption and authentication currently standardized and available. Malicious insiders can exploit the vulnerability, named 'Hole 196' by the researcher who discovered it at wireless security company AirTight Networks. The moniker refers to the page of the IEEE 802.11 Standard (Revision, 2007) on which the vulnerability is buried. Hole 196 lends itself to man-in-the-middle-style exploits, whereby an internal, authorized Wi-Fi user can decrypt, over the air, the private data of others, inject malicious traffic into the network, and compromise other authorized devices using open source software, according to AirTight. 'There's nothing in the standard to upgrade to in order to patch or fix the hole,' says Kaustubh Phanse, AirTight's wireless architect who describes Hole 196 as a 'zero-day vulnerability that creates a window of opportunity' for exploitation." Wi-Fi Net News has some more detail and speculation.

17 of 213 comments (clear)

  1. Not that big a deal... by Denis+Lemire · · Score: 4, Insightful

    This vulnerability is only useful if the attacker knows your WPA key. In other related news, it has been discovered that those who know your root password can delete all your files.

    1. Re:Not that big a deal... by maximander · · Score: 5, Interesting

      When I give someone my root password, I assume they can delete all my files.
      When I give them a limited shell account and set permissions correctly, I don't make that assumption.

      This exploit is more like the later than the former: WPA was supposed to keep traffic of each individual user safe, and now it doesn't.

    2. Re:Not that big a deal... by Denis+Lemire · · Score: 5, Insightful

      M'eh, if you have anything sensitive that you're sending over the network it should be sent securely, period. ie) via SSH, HTTPS, etc... Otherwise, you're just doing it wrong.

      Having an additional layer like WPA provided is indeed a nice thing, but this being compromised isn't the end of the world. I'd be far more concerned if there was a vulnerability that allowed someone to bypass WPA all together and connect to a network in which he or she isn't authorized.

      The encryption of the traffic itself really isn't that much of a selling point when it'll continue across the wired network in the clear once it hits the router or switch upstream. Encryption that isn't end-to-end really isn't worth the time spent talking about it.

    3. Re:Not that big a deal... by yuhong · · Score: 5, Insightful

      Yep, WEP stood for Wired Equivalent Privacy, which was all it and WPA(2) was intended to provide, nothing more.

    4. Re:Not that big a deal... by blacklint · · Score: 4, Interesting

      It used to be that an enterprise WPA2 network had a similar level of privacy to a switched wired network, where individual users couldn't see each other's traffic. Now it is equivalent to a network with hubs, allowing connected users to see each other's traffic.

  2. Re:so, not a hole by Iwanowitch · · Score: 5, Insightful

    Unless the wifi network is at a Starbucks, a university or a corporation.

    That creepy guy sitting two tables from you at the coffee shop? He can now read your e-mail.

    --
    One CS student VS 893 DOS games: Let's play oldies
  3. Michael Jackson said it best by CaptSaltyJack · · Score: 5, Funny

    "I'm starting with the man in the middle
    I'm asking him to change his ways
    Every packet is encrypted just a little
    If you wanna make your network a safer place
    Find the man in the middle and punch his face."

  4. Re:so, not a hole by Culture20 · · Score: 4, Insightful

    That creepy guy sitting two tables from you at the coffee shop? He can now read your e-mail.

    How's he do that? Am I relying on WPA2 as my only encryption across the 'net?

  5. Re:so, not a hole by fwr · · Score: 5, Interesting

    Sigh. Understand the protocol before commenting, or at least RTFA. There IS an individual key per user. But, there is also a shared key used for broadcast traffic. The problem is that the shared key is not authenticated, so a user who knows the shared key (i.e., anyone with access to the wireless network), can use the shared key to spoof the AP and send messages to other users, and force them to give up or change their unique per-user keys. A "fix" would be getting rid of the shared key for broadcast, but that would require the AP to send a separate "broadcast" packet to each user individually, using their unique per-user key, instead of just one packet.

  6. Re:so, not a hole by jijacob · · Score: 4, Insightful

    ssh -D is just a terminal away.

  7. VPN by Jaime2 · · Score: 5, Insightful

    I've been telling people to use VPN over WiFi connections forever. Even better, put your wireless devices on the outside of the firewall, so they have no choice but to VPN in. This also makes giving a random guest access to your wireless no big deal. Any one who thinks wireless networking will ever be safer than an old-fashioned hub is deluding themselves.

  8. Re:WTF by Eivind+Eklund · · Score: 5, Funny

    I'd say more around the 5170-mark, myself.

    --
    Doubting the existence of evolution is like doubting the existence of China: It just shows that you're uninformed.
  9. Re:so, not a hole by squiggleslash · · Score: 4, Interesting

    In my experience, the most popular email system out there is Yahoo! Mail, and the web interface doesn't do any encryption except for the logging in process.

    Frankly though, email should generally be considered insecure anyway. It's usually transmitted, somewhere along the chain, in plain-text, and you only have (limited) control over your own connection, not the connection of the party you're communicating with. The pseudo-elitists posting here claiming that they're OK because, unlike the great unwashed, they use HTTPS when they connect to their web mail, are fooling themselves.

    --
    You are not alone. This is not normal. None of this is normal.
  10. Re:so, not a hole by Nyder · · Score: 5, Insightful

    Unless the wifi network is at a Starbucks, a university or a corporation.

    That creepy guy sitting two tables from you at the coffee shop? He can now read your e-mail.

    No, the creepy guy sitting 2 tables from you? he's just viewing porn.

    See that nice dressed business woman? She's stealing your data.

    --
    Be seeing you...
  11. Re:so, not a hole by zippthorne · · Score: 4, Interesting

    So.. its the same as the wired ethernet, then? Except that instead of just plugging in a wire and sniffing away, it takes a small amount of effort?

    I guess "WiFi is slightly safer than wired networks, when it comes to malicious peers" isn't quite as attention grabbing a headline.

    --
    Can you be Even More Awesome?!
  12. Re:so, not a hole by nstlgc · · Score: 4, Funny

    No, the creepy guy sitting 2 tables from you? He's viewing *your* porn.

    --
    I'm Rocco. I'm the +5 Funny man.
  13. Re:so, not a hole by icebraining · · Score: 4, Informative

    Tunneling SSH over an HTTP-Proxy Server

    --
    Dilbert RSS feed