Wi-Fi WPA2 Vulnerability Found
BobB-nw sends along news based on yet another press release in advance of the Black Hat conference: a claimed vulnerability in WPA2 Enterprise that leaves traffic open to a malicious insider. "...wireless security researchers say they have uncovered a vulnerability in the WPA2 security protocol, which is the strongest form of Wi-Fi encryption and authentication currently standardized and available. Malicious insiders can exploit the vulnerability, named 'Hole 196' by the researcher who discovered it at wireless security company AirTight Networks. The moniker refers to the page of the IEEE 802.11 Standard (Revision, 2007) on which the vulnerability is buried. Hole 196 lends itself to man-in-the-middle-style exploits, whereby an internal, authorized Wi-Fi user can decrypt, over the air, the private data of others, inject malicious traffic into the network, and compromise other authorized devices using open source software, according to AirTight. 'There's nothing in the standard to upgrade to in order to patch or fix the hole,' says Kaustubh Phanse, AirTight's wireless architect who describes Hole 196 as a 'zero-day vulnerability that creates a window of opportunity' for exploitation." Wi-Fi Net News has some more detail and speculation.
so, not a hole (Score:2, Insightful)
So rather than a hole, it's more a forced proxy? A user who knows your password is decrypting your traffic and re-broadcasting it with different content... If this user has your password, you need to have a think about who you give your password to.
Re:so, not a hole (Score:5, Insightful)
Unless the wifi network is at a Starbucks, a university or a corporation.
That creepy guy sitting two tables from you at the coffee shop? He can now read your e-mail.
Re:so, not a hole (Score:5, Insightful)
That creepy guy sitting two tables from you at the coffee shop? He can now read your e-mail.
How's he do that? Am I relying on WPA2 as my only encryption across the 'net?
Re:so, not a hole (Score:4, Insightful)
Re: (Score:2)
Yeah, but you have to remember to add your key to known_hosts *before* you visit the coffee shop, though.
Re: (Score:2)
unless wifi spots think internet access means web access
Re:so, not a hole (Score:5, Informative)
Tunneling SSH over an HTTP-Proxy Server [mtu.net]
Re: (Score:2, Insightful)
Re: (Score:3, Insightful)
Pedestrians should look both ways before they cross the road and observe the local traffic laws and customs. That's taking an active interest in your own personal security. But also, vehicle operators should be wary of pedestrians and certainly try not to run them over, even if they don't look both ways.
The problem here isn't that we shouldn't strive to educate users. The problem is that the user being poorly educated in these matters isn't an excuse for running somebody over.
Re: (Score:2, Insightful)
Not through my SSL or VPN connection, he can't.
Re: (Score:2)
If you managed to break public key cryptography, do tell. I assure you, you'll be quite famous.
Re:so, not a hole (Score:4, Insightful)
or assassinated
Re: (Score:2, Funny)
Re: (Score:2)
``Unless the wifi network is at a Starbucks, a university or a corporation.
That creepy guy sitting two tables from you at the coffee shop? He can now read your e-mail.''
Not unless he also knows how to break SSL. I've never assumed that any path between me and my mail server was secure, whether wired or wireless, WEP or WPA. So I only read mail over end-to-end encrypted protocols. Of course, most people still send e-mail through unencrypted SMTP, and without very reliable authentication, so I assume neither
Re:so, not a hole (Score:4, Insightful)
depends on how diligently one checks the certificates.
Re: (Score:3, Insightful)
Correct. I have actually worked at organizations where they used a certificate signed by their own certificate whenever you accessed something over HTTPS. And since they had added their certificate to the trusted list in Internet Explorer, very few people actually noticed. I did not access my e-mail or enter any passwords not already known to those organizations over those links.
Re: (Score:2)
That creepy guy sitting two tables from you at the coffee shop? He can now read your e-mail.
And that is different from yesterday (before the exploit was known) how exactly?
That person not using encryption could and did have their email intercepted already. So add one more unknown person to the mix, its not any worse than before.
This is why one should use encryption. If the atom 'grandma wants to check email and encryption is too hard' is actually still true, then the problem is lack of encryption. Adding one more layer of no encryption is not the thing making the situation worse.
Re:so, not a hole (Score:5, Insightful)
Unless the wifi network is at a Starbucks, a university or a corporation.
That creepy guy sitting two tables from you at the coffee shop? He can now read your e-mail.
No, the creepy guy sitting two tables from you? He's just viewing porn.
See that nicely dressed businesswoman? She's stealing your data.
Re:so, not a hole (Score:5, Funny)
Re: (Score:3, Funny)
See that nicely dressed businesswoman? She's stealing your data.
You are wrong, they mention man-in-the-middle-style, not woman-in-the-middle-style.
Re: (Score:2)
Re: (Score:2, Interesting)
Can he?
Ah - you wrote "_your_ e-mail", right? I am pretty sure he can't do much of reading of _my_ e-mail based on this particular exploit.
And if _you_ rely on WPA (or whatever) within your (W)LAN to protect you from unauthorised reading of your e-mail, then you should really reconsider your approach to data security.
Re: (Score:2)
Re:so, not a hole (Score:5, Interesting)
So... it's the same as wired Ethernet, then? Except that instead of just plugging in a wire and sniffing away, it takes a small amount of effort?
I guess "WiFi is slightly safer than wired networks, when it comes to malicious peers" isn't quite as attention grabbing a headline.
Re: (Score:2)
depends, are we talking hub or switch?
Re: (Score:2)
We are talking switch here:
monitor session 1 source interface Gi0/1 - 23
monitor session 1 destination interface Gi0/24
Re: (Score:2)
That would indicate that you're inside the settings of the switch, IIRC. That's a bit more access than just plugging a computer in and setting it to sniff any traffic it sees.
Re:so, not a hole (Score:4, Informative)
Do not rely on switches for security within a particular VLAN, unless you go high-end and really know what you are doing. There are a million ways to beat switch "security", including mac spoofing, forcing the switch to flood traffic, fake DHCP, fake ARP, fake RA or ND (on IPV6). Each of those attacks can be stopped by a sufficiently clever and well-configured switch, although right now it is difficult to find one that can do RA and ND protection.
Re: (Score:2, Insightful)
Am I the only one who thought that WPA didn't protect against what this "attack" is doing? I'm not convinced either that this is a real vulnerability.
Re: (Score:2)
> ...if this user has your password...
Where does it say that?
whereby an internal, authorized Wi-Fi user
This is stupid. It's basically saying that if someone knows your wireless key they can decrypt your wireless traffic. Any web-based email should use another layer of encryption via HTTPS anyway. I'm too lazy to read the article, but is there mention of whether it is for WPA2 Personal or Enterprise?
Re: (Score:2)
I'm too lazy to read the article, but is there mention of if it is for WPA2 personal or enterprise?
Enterprise. From the first line of the summary: a claimed vulnerability in WPA2 Enterprise that leaves traffic open to a malicious insider.
Re: (Score:2)
Re: (Score:2)
Re:so, not a hole (Score:5, Interesting)
Re: (Score:2, Troll)
> Understand the protocol before commenting, or at least RTFA.
What, and break with Slashdot tradition? Don't be silly.
Re: (Score:3, Insightful)
can use the shared key to spoof the AP and send messages to other users, and force them to give up or change their unique per-user keys
I haven't read the spec, but it seems odd that per-user keys would be given up or changed in response to a broadcast message. Could this attack be mitigated by only performing these kinds of actions in response to direct, non-broadcast messages?
Re: (Score:3, Interesting)
The real fix would be to get users to realize that there's no such thing as a secret when you're yelling loud enough that people a half a block away can hear you. Even if you're talking in code, chances are, if someone really wants to screw with you, they'll figure out how.
Wireless networking is a convenience, and at Layer 2, there probably isn't much that can be done to secure traffic. If you want secure, either use your own encryption (IPSEC, SSL/TLS, SSH, etc.) or use a wire.
Re: (Score:2)
A "fix" would be getting rid of the shared key for broadcast, but that would require the AP to send a separate "broadcast" packet to each user individually, using their unique per-user key, instead of just one packet.
How about just signing the important AP broadcast messages with a private key unique to the AP, so they can still be broadcast but the recipients can verify that they're not spoofed?
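The mechanism the last few comments are arguing about, as an added example that is not part of the original thread or of AirTight's work: in 802.11 every associated station receives the same group temporal key (GTK) for broadcast and multicast frames, while unicast traffic is protected by a per-station pairwise key (PTK). A frame protected only by the GTK therefore proves nothing about which GTK holder built it, so an insider can inject a broadcast (a spoofed ARP reply for the gateway, say) that every other station decrypts as if the AP had sent it. The Go program below models that property and the proposal in the comment just above, the AP signing its broadcasts with a private key only it holds. It is a simulation and every concrete choice in it is an assumption, not something from the page: AES-GCM from the Go standard library stands in for CCMP, Ed25519 for whatever signature scheme an AP would actually use, random bytes for keys the 4-way handshake would derive, and a constructed string for a real ARP frame.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// gcmFor: AES-GCM stands in for 802.11's AES-CCM (same shared-key property, standard library).
func gcmFor(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key) // keys are always 16 bytes in this simulation
	if err != nil {
		panic(err)
	}
	gcm, _ := cipher.NewGCM(block) // NewGCM only fails for non-128-bit block sizes
	return gcm
}

// sealFrame authenticates and encrypts payload under key, prepending the nonce.
func sealFrame(key, payload []byte) []byte {
	gcm := gcmFor(key)
	nonce := make([]byte, gcm.NonceSize())
	rand.Read(nonce) // crypto/rand.Read is documented never to return an error (Go 1.24+)
	return gcm.Seal(nonce, nonce, payload, nil)
}

// AcceptBroadcast is all a station can do with a group-addressed frame today: check it
// with the GTK. Every station holds the GTK, so a peer's frame looks exactly like the AP's.
func AcceptBroadcast(gtk, frame []byte) ([]byte, error) {
	gcm := gcmFor(gtk)
	n := gcm.NonceSize()
	if len(frame) < n {
		return nil, errors.New("frame too short")
	}
	return gcm.Open(nil, frame[:n], frame[n:], nil)
}

// SealSignedBroadcast is the thread's proposal: the AP signs with a key only it holds.
func SealSignedBroadcast(gtk []byte, apKey ed25519.PrivateKey, payload []byte) []byte {
	return sealFrame(gtk, append(ed25519.Sign(apKey, payload), payload...))
}

// AcceptSignedBroadcast does the GTK check, then refuses anything the AP did not sign.
func AcceptSignedBroadcast(gtk []byte, apPub ed25519.PublicKey, frame []byte) ([]byte, error) {
	pt, err := AcceptBroadcast(gtk, frame)
	if err != nil {
		return nil, err
	}
	if len(pt) < ed25519.SignatureSize {
		return nil, errors.New("frame too short for a signature")
	}
	sig, payload := pt[:ed25519.SignatureSize], pt[ed25519.SignatureSize:]
	if !ed25519.Verify(apPub, payload, sig) {
		return nil, errors.New("broadcast not signed by the AP")
	}
	return payload, nil
}

// Outcome: forgery accepted under GTK-only check, rejected under signed check, AP's own frame still accepted?
type Outcome struct{ ForgeryAccepted, SignedForgeryRejected, GenuineAccepted bool }

func mustKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// RunScenario models one BSS: the AP hands the same GTK to every station, so the insider
// holds it legitimately. Payloads are constructed stand-ins for ARP replies, not real frames.
func RunScenario() Outcome {
	gtk := make([]byte, 16) // simulated group key; a real GTK comes from the 4-way handshake
	rand.Read(gtk)
	apPub, apPriv := mustKey()
	_, insiderPriv := mustKey() // the insider has keys of its own, never the AP's
	forged := []byte("ARP reply: 10.0.0.1 is-at 02:00:00:00:be:ef")  // constructed
	genuine := []byte("ARP reply: 10.0.0.1 is-at 02:00:00:00:00:01") // constructed
	// 1. The insider seals its forgery with the shared GTK; the victim accepts it.
	pt1, err1 := AcceptBroadcast(gtk, sealFrame(gtk, forged))
	// 2. With signed broadcasts the insider can only sign with its own key.
	_, err2 := AcceptSignedBroadcast(gtk, apPub, SealSignedBroadcast(gtk, insiderPriv, forged))
	// 3. The AP's own signed broadcast still gets through.
	pt3, err3 := AcceptSignedBroadcast(gtk, apPub, SealSignedBroadcast(gtk, apPriv, genuine))
	return Outcome{
		ForgeryAccepted:       err1 == nil && string(pt1) == string(forged),
		SignedForgeryRejected: err2 != nil,
		GenuineAccepted:       err3 == nil && string(pt3) == string(genuine),
	}
}

func main() {
	fmt.Printf("%+v\n", RunScenario())
}
```

Running it prints all three flags true: the GTK-only receiver cannot tell the insider's frame from the AP's, while the signed variant stops the forgery without blocking the AP. Note what the signature does not do: it does not hide the broadcast from other GTK holders, and the per-station unicast delivery proposed a comment earlier would cost one frame per station instead of one signature per frame.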
Not that big a deal... (Score:5, Insightful)
This vulnerability is only useful if the attacker knows your WPA key. In other related news, it has been discovered that those who know your root password can delete all your files.
Re: (Score:3, Interesting)
This vulnerability is only useful if the attacker knows your WPA key.
This is for WPA2-EAP (may or may not cover WPA2-PSK). So they need a valid username and password, not just a key.
Re:Not that big a deal... (Score:5, Interesting)
When I give someone my root password, I assume they can delete all my files.
When I give them a limited shell account and set permissions correctly, I don't make that assumption.
This exploit is more like the latter than the former: WPA was supposed to keep the traffic of each individual user safe, and now it doesn't.
Re:Not that big a deal... (Score:5, Insightful)
Meh, if you have anything sensitive that you're sending over the network, it should be sent securely, period, i.e. via SSH, HTTPS, etc. Otherwise, you're just doing it wrong.
Having an additional layer like WPA provided is indeed a nice thing, but this being compromised isn't the end of the world. I'd be far more concerned if there was a vulnerability that allowed someone to bypass WPA all together and connect to a network in which he or she isn't authorized.
The encryption of the traffic itself really isn't that much of a selling point when it'll continue across the wired network in the clear once it hits the router or switch upstream. Encryption that isn't end-to-end really isn't worth the time spent talking about it.
Re:Not that big a deal... (Score:5, Insightful)
Re: (Score:2)
Exactly...
Re:Not that big a deal... (Score:4, Insightful)
It's "Wired Equivalent Privacy" only if your idea of "wired privacy" involves dangling a cable out the window down into the alley behind the building.
Re: (Score:2)
Re:Not that big a deal... (Score:4, Interesting)
It used to be that an enterprise WPA2 network had a similar level of privacy to a switched wired network, where individual users couldn't see each other's traffic. Now it is equivalent to a network with hubs, allowing connected users to see each other's traffic.
Re: (Score:2)
Re: (Score:3, Interesting)
Actually it seems that WPA2 enterprise is exactly like a switched wired network. The casual users can't see each others traffic, but the knowledgeable can see everything. Unless there's an ubergeek doing the switch administration (which generally doesn't happen outside academia) and the switch is really good (which is rarely the case in academia).
Re: (Score:2)
That or replace your Windows file server with something trustworthy. ;)
Actually, I may have to claim ignorance here as I haven't looked into it recently, is there STILL no crypto available in SMB/CIFS traffic?
If not then perhaps IPSEC between your Windows servers and clients, it's a probably a hassle to setup, but it would give you another layer of security. I've never trusted wireless enough to do sensitive data transfers using non-secure protocols. Guess that's why I don't see this as a big deal. Just bus
Re: (Score:2)
Actually makes a bit of sense if you can't enforce (Score:2)
One frequent problem is that many people that think they are too important to obey pesky IT rules and they will give out the WPA key to any visitor that wants to check their email. Thus you have to assume to a point that the network is open and restrict things to certain MAC addresses or similar anyway.
Assuming the wireless network is completely open (but not actually doing so), sticking it on the outside of a firewall and letting laptop users in with some sort of VP
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Yes, but first you have to get rid of windows.
Re: (Score:3, Insightful)
Isn't the idea to always expect the worst? I'd tend to assume that if I give anyone any access at all, that they will find a way to break it.
Re: (Score:2)
> Isn't the idea to always expect the worst? I'd tend to assume that if I give
> anyone any access at all, that they will find a way to break it.
The worst would be to assume that they will find a way to break it no matter what you do even with no access at all and so it is all hopeless.
Re: (Score:2)
Yeah, but this could mean that any wireless network you don't have complete control over (public hotspots, etc.) are effectively compromised even if the wireless link is encrypted with WPA2.
Of course, using a VPN would negate the problem, but I suspect that a significant number of public wi-fi users don't use a VPN as well.
No, it means that they are remotely possibly compromised.
Yawn (Score:3, Insightful)
In other news, people on your wired ethernet segment can also see your "private" traffic. If you care so much, use SSL. Next scaremongering non-story in 3, 2, 1.
Not normally (Score:3, Insightful)
The whole point of a switch is that it sends data only to the host that it is for. So you don't get my data out your switch port. If you clone a MAC, that doesn't do the trick as it just confuses the switch and some data goes to one computer, some to the other, and the connection works poorly. Back in the day you could overload the switches in various ways and make them act like hubs, but that is also noticeable, and it doesn't work on new high quality switches.
Wired networks are actually pretty secure from
Re: (Score:2)
Of course, this is why serious attackers on a switch don't try cloning MACs. They send gratuitous ARPs to the systems they want to sniff traffic from and pretend to be the default router. Or they take over the root of the spanning tree on the switch. Or they send an email to their target that says "Click this link to download nekkid pictures of " but actually installs a keystroke logger.
None of that is as hard as the 133t hax0rs want you to believe. Not trivial, and not undetectable, but not particularly
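The gratuitous-ARP gateway impersonation this comment describes (and the "fake ARP" item in the earlier list of ways to beat switch security) is also the most natural thing for a Hole 196 insider to inject over the group key, and it leaves a visible trace on the segment: the gateway's IP suddenly answers from a different MAC. The Go program below is an added example, not code from the page: it parses raw Ethernet+ARP frames and flags a sender claiming the gateway's IP with the wrong MAC, or any IP whose MAC binding changes. The gateway addresses, the attacker MAC 02:00:00:00:be:ef and the whole frame sequence are constructed for the demo; on a real host the frames would come from a raw socket or pcap instead of buildARP.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
	"net"
)

// arpPacket is the decoded IPv4-over-Ethernet ARP body of an Ethernet II frame.
type arpPacket struct {
	Opcode    uint16 // 1 = request, 2 = reply
	SenderMAC net.HardwareAddr
	SenderIP  net.IP
	TargetIP  net.IP
}

// parseARP decodes a raw frame; anything that is not Ethernet+IPv4 ARP is rejected.
func parseARP(frame []byte) (*arpPacket, error) {
	if len(frame) < 42 { // 14-byte Ethernet header + 28-byte ARP body
		return nil, errors.New("frame too short for Ethernet+ARP")
	}
	a := frame[14:]
	if binary.BigEndian.Uint16(frame[12:14]) != 0x0806 || binary.BigEndian.Uint16(a[0:2]) != 1 ||
		binary.BigEndian.Uint16(a[2:4]) != 0x0800 || a[4] != 6 || a[5] != 4 {
		return nil, errors.New("not IPv4-over-Ethernet ARP")
	}
	return &arpPacket{
		Opcode:    binary.BigEndian.Uint16(a[6:8]),
		SenderMAC: net.HardwareAddr(a[8:14]),
		SenderIP:  net.IP(a[14:18]),
		TargetIP:  net.IP(a[24:28]), // target MAC at a[18:24] is not needed here
	}, nil
}

// Monitor tracks IP-to-MAC bindings seen on the segment plus the trusted gateway binding.
type Monitor struct {
	gatewayIP, gatewayMAC string
	seen                  map[string]string // ip -> mac
}

func NewMonitor(gwIP, gwMAC string) *Monitor {
	return &Monitor{gatewayIP: gwIP, gatewayMAC: gwMAC, seen: map[string]string{gwIP: gwMAC}}
}

// Inspect returns an alert for a suspicious ARP frame, or "" when it looks benign.
func (m *Monitor) Inspect(frame []byte) (string, error) {
	p, err := parseARP(frame)
	if err != nil {
		return "", err
	}
	ip, mac := p.SenderIP.String(), p.SenderMAC.String()
	// Anyone advertising the gateway's IP with another MAC is impersonating the router.
	if ip == m.gatewayIP && mac != m.gatewayMAC {
		return fmt.Sprintf("gateway impersonation: %s claimed by %s, expected %s", ip, mac, m.gatewayMAC), nil
	}
	// A reply about the sender's own address that nobody asked for is gratuitous ARP.
	gratuitous := p.Opcode == 2 && p.TargetIP.Equal(p.SenderIP)
	if old, ok := m.seen[ip]; ok && old != mac {
		return fmt.Sprintf("binding change: %s moved from %s to %s (gratuitous=%v)", ip, old, mac, gratuitous), nil
	}
	m.seen[ip] = mac
	return "", nil
}

// buildARP assembles a constructed Ethernet+ARP frame: the demo's sample input, not captured traffic.
func buildARP(opcode uint16, srcMAC, srcIP, dstMAC, dstIP string) []byte {
	smac, _ := net.ParseMAC(srcMAC)
	dmac, _ := net.ParseMAC(dstMAC)
	sip, dip := net.ParseIP(srcIP).To4(), net.ParseIP(dstIP).To4()
	f := append(append([]byte{}, dmac...), smac...) // Ethernet destination, source
	f = append(f, 0x08, 0x06)                       // EtherType ARP
	f = append(f, 0, 1, 0x08, 0x00, 6, 4)           // htype Ethernet, ptype IPv4, hlen 6, plen 4
	f = append(f, byte(opcode>>8), byte(opcode))
	f = append(append(f, smac...), sip...)    // sender MAC, sender IP
	return append(append(f, dmac...), dip...) // target MAC, target IP
}

// Demo replays a constructed sequence: two honest replies, then 02:00:00:00:be:ef claiming the gateway's IP and a peer's IP.
func Demo() []string {
	m := NewMonitor("10.0.0.1", "02:00:00:00:00:01")
	frames := [][]byte{
		buildARP(2, "02:00:00:00:00:01", "10.0.0.1", "02:00:00:00:00:10", "10.0.0.10"),
		buildARP(2, "02:00:00:00:00:20", "10.0.0.20", "02:00:00:00:00:10", "10.0.0.10"),
		buildARP(2, "02:00:00:00:be:ef", "10.0.0.1", "ff:ff:ff:ff:ff:ff", "10.0.0.1"),
		buildARP(2, "02:00:00:00:be:ef", "10.0.0.20", "ff:ff:ff:ff:ff:ff", "10.0.0.20"),
	}
	var alerts []string
	for _, f := range frames {
		if alert, err := m.Inspect(f); err != nil {
			alerts = append(alerts, "parse error: "+err.Error())
		} else if alert != "" {
			alerts = append(alerts, alert)
		}
	}
	return alerts
}

func main() { fmt.Println(Demo()) }
```

The demo yields two alerts, one for the gateway impersonation and one for the peer's binding moving to the attacker's MAC. The binding-change rule is deliberately noisy: a DHCP lease moving to another host trips it too, which is why the alert carries the gratuitous flag and the old MAC rather than deciding on its own. The same logic applied to the "fake DHCP" and IPv6 RA/ND cases mentioned earlier would key on the server or router identity in the same way.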
Re: (Score:2)
The email keylogger has nothing to do with the kind of network one is running...
Michael Jackson said it best (Score:5, Funny)
I'm asking him to change his ways
Every packet is encrypted just a little
If you wanna make your network a safer place
Find the man in the middle and punch his face."
Re: (Score:2)
Mommy! (Score:2)
Mommy, Jimmy's sniffing my packets again, make him stop!
Re: (Score:2)
VPN (Score:5, Insightful)
Re: (Score:2)
But the article pretty clearly demonstrates that it already is safer than the old-fashioned hub: with the old fashioned hub, every computer can hear every other computer, and nobody encrypts anything at all by default. Even with the new exploit, there are some parts of the communication that still aren't compromised by a malicious peer, which is something that wired "hub" networks really can't claim. (switched networks OTOH, if you've got enough switches...)
Also, with VPN, once someone is connected to the
Re: (Score:2)
This seems like an old case of "never trust the client".
A wireless LAN client is by default a mobile computer. Only lazy or stingy companies would connect stationary computers by wireless.
A mobile computer will leave the company with its employee on business trips or weekends, otherwise they wouldn't need a mobile one. It will then need to connect to an external network, hotspot or 3G link. (Except for the rare case of purely internal mobility on large campuses protected by armed guards with bag and suitcas
Re: (Score:2)
There, thats fixed it for you!
One question (Score:2)
Hi.
We recently had some security tests with a consulting firm and, while no WiFi test was done (we have no WiFi), I was curious and asked the guy about WiFi security. He told me that, given constant traffic, he could break any WiFi in about two hours. So I do not know whether this vulnerability is a completely different thing or that guy was just too optimistic.
Anyone does have first hand info?
Fire the consultant (Score:2, Insightful)
Statements like "I could break any WiFi in about two hours" are red flags that you should hire a different security researcher...
The terms "any", "ever" or "all" are not in most security researchers' vocabularies when talking about unknowns or speculative situations.
We prefer to use terms that imply some degree of uncertainty such as "mostly", "almost never", and "nearly all" since the one thing we know
as security researchers is "trust no one", followed closely by "there is almost always an exception to
No shit, really? (Score:2)
So, if you grant someone access to your encrypted wireless network, the person you granted access to can access data on that network? Who would have thunk it?
Re: (Score:2)
So, if you grant someone access to your encrypted wireless network, the person you granted access to can access data on that network? Who would have thunk it?
Is that 'data' in your sentence or 'encrypted data'?
Is that 'data' in your sentence or 'keys'?
So an authenticated user can sniff my packets.. (Score:2)
In other words... (Score:2)
In other words, if someone is already logged into a network they can perform a MITM attack against user(s) on that network?
Maybe it's just me, but I never considered traffic *within* a network to be secure from other network users, even on a wired network.
What now? (Score:2)
Is there any wi-fi crypto left standing?
I understand that only applies to Enterprise mode; so will enterprises revert to using passphrases? Or if you use passphrases you already don't have protection from your peers?
Also, TFA talks only about WPA2. However, there seems to be no reason to think it does not apply to WPA as well. Is anyone sure?
Ummm... (Score:2)
Wouldn't it be easier for said malicious insider to just give the man-in-the-middle the PSK?
Open Source? (Score:2)
Anyone else note the gratuitous dig at open source:
So I guess everything would be OK except for those pesky kids and their free software. *sigh*
-- MarkusQ
Haha (Score:2)
Holy crap, I am really sentimental now.
I remember the good old days of security world, where BH/CCC/Defcon/etc presentations were technical marvels and work of extremely bright people.
Ah, good old days...
No need to worry... (Score:3, Funny)
Doubtful... (Score:2)
Which is no longer used in current Linux kernels (and won't even compile properly without major tweaks).
And admin level access to the system to perform MAC spoofing. Sure, another user could
Re: (Score:2)
Uhm, what?
The point of madwifi is that he can use it to exploit WPA2; it seems that you think it's an exploit within the drivers. It doesn't matter if it's used in current kernels; you can just install an earlier version.
Also, this exploit is useful if you have access to the network: since you have physical access to some machine near the AP and some admin access to that machine, this is very much an issue if you only rely on WPA2.
Re: (Score:2, Funny)
You have an awfully low UID for such a huge troll!
Re:WTF (Score:4, Funny)
nah, things went downhill about the 50k mark... ;)
Re:WTF (Score:5, Funny)
I'd say more around the 5170-mark, myself.
Re:WTF (Score:4, Interesting)
nah, things went downhill about the 50k mark... ;)
Not really. Things went downhill much sooner than that. I'd have a much lower UID than I have if I had seen the need for it, but the 'first poster' morons, etc., weren't much yet around, and there wasn't much value to HAVING a Slashdot account until some time after the account system was first implemented.
Re: (Score:2)
nah, things went downhill about the 50k mark... ;)
Not really. Things went downhill much sooner than that. I'd have a much lower UID than I have if I had seen the need for it, but the 'first poster' morons, etc., weren't much yet around, and there wasn't much value to HAVING a Slashdot account until some time after the account system was first implemented.
I know things were going downhill when they let me have an account.
Re: (Score:2)
Shit I thought they were slacking when they let me disable ads!
Re: (Score:2)
Slashdotters have been complaining about Slashdot for as long as I can remember (since '98).
Re: (Score:2)
Hans R Camenzind?
I don't understand how it could be possible... (Score:2)
...even in principle to create a secure over-the-air encryption system with no out-of-band key exchange. Does there exist a proof of this?
Re: (Score:3, Interesting)
Re: (Score:2)
Ok. I was thinking of "personal" mode (I don't use wireless at all, myself).
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
If the power fails, the state isn't "zero." It's indeterminate. Therefore his next project is actually called, 'Maybe'
Re: (Score:2)
Mine doesn't make me happy at all.
Re:Discrepancy: Theory vs. Practice (Score:4, Insightful)
Because in practice, making sure that there is absolutely no hint of a secure piece of information is incredibly tricky. Most programmers traditionally have little concept of actual *secure* programming. Most implementations of perfectly secure algorithms are subject to flaws because people didn't treat side-cases, or properly analyse how the traffic use would affect the algorithm, etc. e.g. not renegotiating keys often enough, so that people can see enough traffic to decrypt a key in a relatively short space of time.
Additionally, this isn't an attack on the crypto. The crypto secures the conversation, it does not necessarily prove identity and if it does prove identity most places don't care about the identity (how many companies distinguish individual users/computers over the wireless network by anything other than MAC/IP/username given?). AES is still 100% perfectly intact. If you'd been using, say, OpenVPN or OpenSSH with the same algorithm over an unsecured wireless network, the internal encrypted conversation would still be virtually as secure today as it was when AES was invented. The problem is that the *implementation* of AES wasn't designed to cover the usage scenario here, and probably never could be because of the way the access to this particular tiny piece of this part of the broadcast specification is granted. Basically, the flaw has always been sitting there in WPA, not in AES which is still chugging along nicely doing its job. Shocking that a wireless "encryption" fails to properly implement a security scheme because of a bad implementation that side-steps the actual encryption itself... that's never ever happened before ever anywhere :-P
Moral of the story: only trust crypto from those well-established in the crypto-field that's been attacked and attacked and still is approved for government/military use in lots of sensible countries. And then make sure you have a damn good implementation that's not overly complex, or cast in stone, such that most people can't examine it / play with it / fix it.
If you'd been running OpenVPN over the same wireless network, but using OpenVPN's key infrastructure and encryption instead of WPA or WEP or anything at all (i.e. completely "open" wireless) you would still be secure. A bad implementation of a particular encryption in WPA allows people to bypass steps of the actual encryption process that were never designed to be bypassed. It's almost an "out of band" security vulnerability - i.e. nothing to do with whether you use AES or Blowfish or 3DES or whatever you choose... they basically find a way around the (still theoretically secure) encryption that has no effect on the efficacy of the encryption itself.
Basic rule: Just because your "Ethernet-over-the-mains" devices says it uses AES, don't think that means it's "secure". Chances are that it's not.