WPA2 finds itself in a "hole"! Vulnerable to insider attacks!

Posted by Kaustubh Phanse on Jul 22, 2010

Wi-Fi security has experienced a lot of churn over the last decade. As protocols like WEP and TKIP fell by the wayside, WPA2 emerged as the "Last Wi-Fi Security Protocol Standing." The Wi-Fi Alliance recently announced its plan to phase out WEP and TKIP, promoting WPA2 as the go-to security standard.

With solid protection in the form of AES encryption and 802.1x based authentication, there was no reason to look beyond. WPA2 did its job well keeping the bad guys outside, out of the network. And traditionally that has always been the focus of Wi-Fi security.

But...! Yes, but... as AirTight Networks security researcher Md. Sohail Ahmad found out, WPA2 has a hard shell on the outside but a soft underbelly inside. In other words, WPA2 is vulnerable to insider attacks! And interestingly, this zero-day vulnerability, now referred to as "Hole196", has been buried in the standard (on page 196, if you didn't guess it! :) ) all these years, but overlooked. Exploiting this vulnerability, a malicious insider (an authorized user) can decrypt WPA2-encrypted over-the-air data from other authorized users in the network with his own private key. No key cracking or brute force is required!
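The post does not spell out where the "hole" sits in the key material, so the following model is an added illustration and not code from AirTight or from the post. It assumes the 802.11i key hierarchy as standardized: each client negotiates its own pairwise key with the AP, while one group key is handed to every client of the same AP. The toy key derivation, stream cipher and tag stand in for the real PRF and CCMP and are not Wi-Fi crypto. Under those assumptions it shows why pairwise-protected traffic stays private to one client, why anything under the group key is readable by every authorized client, and why the group key cannot tell a receiver who actually produced a frame; the detection rule at the end (AP-side accounting of the group frames it really sent) is a hypothetical stand-in for what a wireless IDS does.

```python
import hashlib
import hmac
import os

BROADCAST = b"\xff" * 6  # group (broadcast) destination address


# --- toy primitives: stand-ins for the 802.11i PRF and CCMP, not real Wi-Fi crypto ---
def kdf(master: bytes, label: str, *parts: bytes) -> bytes:
    """Derive a key from a master secret, a label and the handshake inputs."""
    return hmac.new(master, label.encode() + b"".join(parts), hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]


def protect(key: bytes, dst: bytes, src: bytes, body: bytes) -> dict:
    """Encrypt body and bind the addresses to it with a tag (like CCMP's AAD)."""
    nonce = os.urandom(12)
    ct = bytes(a ^ b for a, b in zip(body, _keystream(key, nonce, len(body))))
    tag = hmac.new(key, dst + src + nonce + ct, hashlib.sha256).digest()[:8]
    return {"dst": dst, "src": src, "nonce": nonce, "ct": ct, "tag": tag}


def unprotect(key: bytes, f: dict):
    """Return the plaintext, or None when the tag does not verify under this key."""
    tag = hmac.new(key, f["dst"] + f["src"] + f["nonce"] + f["ct"], hashlib.sha256).digest()[:8]
    if not hmac.compare_digest(tag, f["tag"]):
        return None
    return bytes(a ^ b for a, b in zip(f["ct"], _keystream(key, f["nonce"], len(f["ct"]))))


class Client:
    def __init__(self, mac: bytes):
        self.mac = mac
        self.ptk = None    # pairwise key, unique to this client
        self.gtk = None    # group key, shared with every other client of the AP
        self.bssid = None

    def receive(self, f: dict):
        # A receiver picks the key purely by destination address; nothing in the
        # group key identifies who produced a group-addressed frame.
        key = self.gtk if f["dst"] == BROADCAST else self.ptk
        return unprotect(key, f)


class AccessPoint:
    def __init__(self, pmk: bytes, bssid: bytes):
        self.pmk, self.bssid = pmk, bssid
        self.gtk = os.urandom(32)        # one group key for the whole BSS
        self.ptk = {}                    # pairwise key per client MAC
        self.sent_group_nonces = set()   # AP's own record of group frames it transmitted

    def associate(self, client: Client) -> None:
        # 4-way handshake reduced to its outcome: a PTK unique to this client,
        # plus the shared GTK delivered to it (normally wrapped under that PTK).
        ptk = kdf(self.pmk, "Pairwise key expansion", self.bssid, client.mac,
                  os.urandom(32), os.urandom(32))
        self.ptk[client.mac] = client.ptk = ptk
        client.gtk, client.bssid = self.gtk, self.bssid

    def send_unicast(self, mac: bytes, body: bytes) -> dict:
        return protect(self.ptk[mac], mac, self.bssid, body)

    def send_group(self, body: bytes) -> dict:
        f = protect(self.gtk, BROADCAST, self.bssid, body)
        self.sent_group_nonces.add(f["nonce"])
        return f


def group_frame_is_forged(ap: AccessPoint, f: dict) -> bool:
    """Hypothetical detection rule: a group-addressed frame that names the AP as
    sender but is absent from the AP's own transmit record did not come from the AP."""
    return f["dst"] == BROADCAST and f["src"] == ap.bssid and f["nonce"] not in ap.sent_group_nonces


def demo() -> dict:
    ap = AccessPoint(pmk=os.urandom(32), bssid=b"\x02\x00\x00\x00\x00\x01")  # constructed values
    alice, bob = Client(b"\x02\x00\x00\x00\x00\xaa"), Client(b"\x02\x00\x00\x00\x00\xbb")
    ap.associate(alice)
    ap.associate(bob)

    uni = ap.send_unicast(alice.mac, b"for alice only")
    grp = ap.send_group(b"for everyone")
    # A frame produced by an ordinary authorized client under the key it was handed,
    # labelled with the AP's address: the receiver has no way to tell the difference.
    from_insider = protect(bob.gtk, BROADCAST, ap.bssid, b"looks like the AP said this")

    return {
        "bob_reads_alice_unicast": bob.receive(uni),               # None: PTK is per-client
        "alice_reads_unicast": alice.receive(uni),
        "bob_reads_group": bob.receive(grp),                       # readable by design: shared GTK
        "alice_accepts_insider_frame": alice.receive(from_insider),  # accepted as if from the AP
        "detector_flags_insider_frame": group_frame_is_forged(ap, from_insider),
        "detector_flags_ap_frame": group_frame_is_forged(ap, grp),
    }
```

The point for a defender is in the last three results: every holder of the group key can both read and produce group-addressed frames that verify correctly, so the receiver-side check is not where this is caught. A control that sits beside the AP and knows what the AP actually transmitted (here, the nonce record; in practice a wireless IPS sensor) is the layer that can flag it.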

If you are going to be in Las Vegas next week, you can watch a live demo of exploits built on top of the WPA2 Hole196 vulnerability at the Black Hat Arsenal on July 29 (13:30-18:00), and attend a talk titled "WPA Too!" that deconstructs the Hole196 vulnerability and the exploits, at DEF CON 18 on July 31 (15:00-15:50).

You can also register for a live public Webinar (on August 4, 11am Pacific Time) by AirTight Networks to understand the risks from zero-day vulnerabilities such as WPA2 Hole196 and what steps can be taken to mitigate the risks. You can also find more information on this topic here.

Insider attacks continue to be the most common and most costly threat to enterprise networks. No wonder insider attacks have been widely studied in wired networks over the years, and security technologies have been built specifically addressing the risks from malicious insiders. Wired network security has also evolved to have multiple layers of security to catch zero-day vulnerabilities. And I guess it's time to apply the same wisdom of a multi-layered defense to Wi-Fi networks because one size does not fit all...and Wi-Fi security is no exception.

