The Network Hub

Jul 30 2010   4:35PM GMT

New WPA2 vulnerability a wireless version of ARP spoofing, says Wi-Fi Alliance

Shamus McGillicuddy

When researchers say they’ve found a vulnerability in the WPA2 (Wi-Fi Protected Access) security standard, wireless LAN administrators stand up and take notice. Md. Sohail Ahmad, a researcher with wireless security vendor Airtight Networks, presented a WPA2 vulnerability dubbed Hole 196 at Black Hat yesterday and DEFCON 18 this weekend.

Details on the vulnerability remain somewhat fuzzy, but the Wi-Fi Alliance says Hole 196 appears to be a wireless version of ARP spoofing, the exploit in Address Resolution Protocol that allows hackers to perpetrate man-in-the-middle attacks.

Matthew Gast, chairman of the Wi-Fi Alliance’s Security Task Group (and director of product management for Aerohive Networks), said Hole 196 is an exploit that only authorized network users can use to bypass WPA2 encryption.

An insider on the network can set up a hack to trick a client into perceiving the hacker’s client device as an access point. The victim will send its data to the hacker, who can observe it while forwarding it on to the access point.

“Since this is a vulnerability that’s been around since the beginning of Ethernet, network admins are already accustomed to dealing with it,” Gast said.

Gast said network performance monitoring can detect the latency caused by the extra hops associated with the attack. Also, network admins can enable the client isolation filter found on most LAN infrastructure, which won’t be fooled by an ARP spoofing attack. An AP will look directly at the destination MAC address, recognize the problem and cut the connection. The victim’s client device will immediately experience a loss of connectivity. The user will call the help desk, and it’s only a matter of time before a network admin tracks down the MAC address of the hacker.
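A simplified model of the client isolation check Gast describes, added here as an illustration and not taken from the article, the Wi-Fi Alliance or any vendor's firmware. The MAC addresses, frame records and function names are constructed assumptions; the point is that a frame from one wireless client addressed to another wireless client is dropped, and the dropped frames point at the device receiving the redirected traffic.

```python
from collections import Counter, defaultdict

# Constructed sample data: every MAC address below is made up.
GATEWAY = "02:00:00:00:00:01"
ASSOCIATED = {
    "02:00:00:00:00:0a",  # victim laptop
    "02:00:00:00:00:0b",  # insider's device
    "02:00:00:00:00:0c",  # unaffected client
}

# (source MAC, destination MAC) of frames the AP receives from its clients.
FRAMES = [
    ("02:00:00:00:00:0c", GATEWAY),
    ("02:00:00:00:00:0a", GATEWAY),              # victim before the spoof
    ("02:00:00:00:00:0a", "02:00:00:00:00:0b"),  # victim now sends to the insider
    ("02:00:00:00:00:0a", "02:00:00:00:00:0b"),
    ("02:00:00:00:00:0c", GATEWAY),
    ("02:00:00:00:00:0a", "02:00:00:00:00:0b"),
    ("02:00:00:00:00:0b", GATEWAY),              # insider's own traffic
]


def apply_client_isolation(frames, associated):
    """Split frames into (forwarded, dropped) the way an isolating AP would.

    Assumption: isolation means "never relay a frame from one associated
    wireless client to another"; traffic to wired destinations passes.
    """
    forwarded, dropped = [], []
    for src, dst in frames:
        if src in associated and dst in associated and dst != src:
            dropped.append((src, dst))
        else:
            forwarded.append((src, dst))
    return forwarded, dropped


def suspects(dropped, min_frames=2):
    """Rank destination MACs that other clients were redirected towards."""
    per_dst = Counter(dst for _, dst in dropped)
    victims = defaultdict(set)
    for src, dst in dropped:
        victims[dst].add(src)
    return [(dst, n, sorted(victims[dst]))
            for dst, n in per_dst.most_common() if n >= min_frames]


if __name__ == "__main__":
    fwd, drp = apply_client_isolation(FRAMES, ASSOCIATED)
    print(f"forwarded={len(fwd)} dropped={len(drp)}")
    for mac, count, sources in suspects(drp):
        print(f"investigate {mac}: {count} isolated frames from {sources}")
```

The victim's frames stop being delivered, which is the loss of connectivity the article mentions, and the ranked destination MAC is where an admin would start the trace.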
