Wi-Fi WPA2 Vulnerability Found 213
BobB-nw sends along news based on yet another press release in advance of the Black Hat conference: a claimed vulnerability in WPA2 Enterprise that leaves traffic open to a malicious insider. "...wireless security researchers say they have uncovered a vulnerability in the WPA2 security protocol, which is the strongest form of Wi-Fi encryption and authentication currently standardized and available. Malicious insiders can exploit the vulnerability, named 'Hole 196' by the researcher who discovered it at wireless security company AirTight Networks. The moniker refers to the page of the IEEE 802.11 Standard (Revision, 2007) on which the vulnerability is buried. Hole 196 lends itself to man-in-the-middle-style exploits, whereby an internal, authorized Wi-Fi user can decrypt, over the air, the private data of others, inject malicious traffic into the network, and compromise other authorized devices using open source software, according to AirTight. 'There's nothing in the standard to upgrade to in order to patch or fix the hole,' says Kaustubh Phanse, AirTight's wireless architect who describes Hole 196 as a 'zero-day vulnerability that creates a window of opportunity' for exploitation." Wi-Fi Net News has some more detail and speculation.
Re:Not that big a deal... (Score:3, Interesting)
This vulnerability is only useful if the attacker knows your WPA key.
This is for WPA2-EAP (may or may not cover WPA2-PSK). So they need a valid username and password, not just a key.
Re:Not that big a deal... (Score:5, Interesting)
When I give someone my root password, I assume they can delete all my files.
When I give them a limited shell account and set permissions correctly, I don't make that assumption.
This exploit is more like the later than the former: WPA was supposed to keep traffic of each individual user safe, and now it doesn't.
Re:I don't understand how it could be possible... (Score:3, Interesting)
Re:so, not a hole (Score:5, Interesting)
Re:WTF (Score:4, Interesting)
nah, things went downhill about the 50k mark... ;)
Not really. Things went downhill much sooner than that. I'd have a much lower UID than I have if I had seen the need for it, but the 'first poster' morons, etc., weren't much yet around, and there wasn't much value to HAVING a Slashdot account until some time after the account system was first implemented.
Re:Not that big a deal... (Score:4, Interesting)
It used to be that an enterprise WPA2 network had a similar level of privacy to a switched wired network, where individual users couldn't see each other's traffic. Now it is equivalent to a network with hubs, allowing connected users to see each other's traffic.
Re:so, not a hole (Score:3, Interesting)
The real fix would be to get users to realize that there's no such thing as a secret when you're yelling loud enough that people a half a block away can hear you. Even if you're talking in code, chances are, if someone really wants to screw with you, they'll figure out how.
Wireless networking is a convenience, and at Layer 2, there probably isn't much that can be done to secure traffic. If you want secure, either use your own encryption (IPSEC, SSL/TLS, SSH, etc.) or use a wire.
Comment removed (Score:5, Interesting)
Re:so, not a hole (Score:5, Interesting)
So.. its the same as the wired ethernet, then? Except that instead of just plugging in a wire and sniffing away, it takes a small amount of effort?
I guess "WiFi is slightly safer than wired networks, when it comes to malicious peers" isn't quite as attention grabbing a headline.
Re:so, not a hole (Score:2, Interesting)
Can he?
Ah - you wrote "_your_ e-mail", right? I am pretty sure he can't do much of reading of _my_ e-mail based on this particular exploit.
And if _you_ rely on WPA (or whatever) within your (W)LAN to protect you from unauthorised reading of your e-mail, then you should really reconsider your approach to data security.
Re:Not that big a deal... (Score:3, Interesting)
Actually it seems that WPA2 enterprise is exactly like a switched wired network. The casual users can't see each others traffic, but the knowledgeable can see everything. Unless there's an ubergeek doing the switch administration (which generally doesn't happen outside academia) and the switch is really good (which is rarely the case in academia).