WPA2 security hole discovered

Security experts at AirTight Networks have discovered a hole in the WPA2 Wi-Fi security protocol. The security hole was named as Hole 196 after the number of the relevant page in the IEEE 802.11 (2007) standard document. At the bottom of page 196, the IEEE standard introduces the keys used by WPA2: the PTK (Pairwise Transient Key), which is unique for every Wi-Fi client and used for unicast traffic, and the GTK (Group Temporal Key) used for broadcasts. While data forgeries and spoofed mac addresses can be detected with the PTK, the GTK does not offer this functionality.

The AirTight experts say that this is the crux of the matter, because it allows a client to generate arbitrary broadcast packets which other clients respond to with information about their secret PTKs which can be decrypted by attackers. AirTight reportedly only needed to add 10 extra lines of code to the freely available open source Madwifi driver to make a PC with an off-the-shelf Wi-Fi client card spoof the MAC address of the Access Point and pretend to be the gateway for sending out traffic. Attackers could exploit this to cause damage on the network, for instance via denial-of-service (DoS) attacks. The experts say that the only factor mitigating the attack potential is that attackers need to be internal, authorised Wi-Fi users. They do not anticipate that a patch will become available because "Hole 196" is written into the standard.

AirTight intends to give a live demonstration of how to exploit the security hole at the Black Hat USA 2010 and the DEFCON18 conferences next week.

(crve)