Researchers Uncover WPA2 Vulnerability

Kara Reeder

According to PCWorld.com, wireless security researchers have discovered a vulnerability in the WPA2 security protocol.

 

An AirTight researcher who uncovered the flaw has dubbed it "Hole 196" in reference to the page of the IEEE 802.11 Standard (Revision, 2007) on which the vulnerability is buried. Hole 196 provides an avenue for man-in-the-middle-style exploits. The article explains:

a stipulation in the standard that allows all clients to receive broadcast traffic from an access point (AP) using a common shared key creates the vulnerability when an authorized user uses the common key in reverse and sends spoofed packets encrypted using the shared group key.

While "there's nothing in the standard to upgrade to in order to patch or fix the hole," says Kaustubh Phanse, AirTight's wireless architect, the ability to exploit the vulnerability is limited to authorized users.



Add Comment      Leave a comment on this blog post

Aug 5, 2010 8:07 AM ARP_madman ARP_madman  says:

What is it, 1995?  This attack is really ARP spoofing, executed by an authorized user.  Write a story when they show you WPA2 key recovery!

Reply

Post a comment

 

 

 

 


(Maximum characters: 1200). You have 1200 characters left.

 

 

Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.


 

Resource centers

Business Intelligence

Business performance information for strategic and operational decision-making

SOA

SOA uses interoperable services grouped around business processes to ease data integration

Data Warehousing

Data warehousing helps companies make sense of their operational data