With solid protection in the form of AES encryption and 802.1x based authentication, there was no reason to look beyond. WPA2 did its job well keeping the bad guys outside, out of the network. And traditionally that has always been the focus of Wi-Fi security.
Uncovered by AirTight's wireless security researchers, the vulnerability is in fact buried on the last line on page 196 of the 1232-page IEEE 802.11 Standard (Revision, 2007). And that’s why AirTight named the vulnerability as “Hole 196.”
So what exactly is Hole 196 vulnerability?
AirTight explains "Hole 196" is a documented, yet little known, vulnerability of the WPA 2 security protocol exposing WPA 2-secured Wi-Fi networks to malicious insiders. Exploiting the vulnerability, an insider can bypass WPA 2 private key encryption and authentication to sniff and decrypt data from other authorized users as well as scan their Wi-Fi devices for vulnerabilities, install malware and possibly compromise those devices.
Are all WPA/WPA2 implementations vulnerable to this attack?Uncovered by AirTight's wireless security researchers, the vulnerability is in fact buried on the last line on page 196 of the 1232-page IEEE 802.11 Standard (Revision, 2007). And that’s why AirTight named the vulnerability as “Hole 196.”
So what exactly is Hole 196 vulnerability?
AirTight explains "Hole 196" is a documented, yet little known, vulnerability of the WPA 2 security protocol exposing WPA 2-secured Wi-Fi networks to malicious insiders. Exploiting the vulnerability, an insider can bypass WPA 2 private key encryption and authentication to sniff and decrypt data from other authorized users as well as scan their Wi-Fi devices for vulnerabilities, install malware and possibly compromise those devices.
Hole 196 is a fundamental vulnerability. All Wi-Fi networks using WPA or WPA2, regardless of the authentication (PSK or 802.1x) and encryption (AES) they use, are vulnerable.
Can a wireless intrusion prevention system (WIPS) detect this attack?
Hole 196 is yet another example of a zero-day vulnerability that begs for a multi-layered wireless security approach.
With dedicated 24/7 monitoring of the airspace, a wireless intrusion prevention system (WIPS) the only definitive way of detecting and mitigating zero-day attacks such as those based on the Hole 196 vulnerability.
Though, common MAC spoofing detection and location tracking techniques used by many WIPS solutions will fail to detect these attacks and fail to track the attacker’s physical location. Only a WIPS with a comprehensive threat analysis engine and intelligent location tracking can pin down the attacker.
To learn more about how you can deploy a WIPS solution in your networks, talk to our security experts today.
Call: +65 63251390 or email your queries at enquiry@acw-group.com.sg
0 comments:
Post a Comment