SCF Advanced Search



  • Total Members: 13736
  • Latest: parasti
  • Total Posts: 38282
  • Total Topics: 12871
  • Online Today: 1341
  • Online Ever: 51419
  • (01. January 2010., 10:27:49)


Author Topic: Researchers discover new WPA2 vulnerability - "Hole 196"  (Read 2529 times)

0 Members and 1 Guest are viewing this topic.


  • SCF Administrator
  • *****
  • Posts: 7522
  • KARMA: 322
  • Gender: Male
  • Whatever doesn't kill us makes us stronger.
    • - Samker's Computer Forum

Researchers at wireless security company AirTight Networks have uncovered a vulnerability in the widely used WPA2 security protocol, part of the 802.11 standard. The vulnerability, termed "Hole 196", which can be exploited by attackers already authenticated to the network, allows decryption of data sent by other users across the network.

Wireless encryption uses two keys to protect the communications, firstly a Pairwise Transient Key (PTK), unique to each client, and used to protect traffic between that client and the access point, and secondly, a Group Temporal Key (GTK) that is known to all clients on the network, and used to encrypt broadcast traffic (traffic sent to all clients connected to the network).

The attack does not rely on brute-forcing, or breaking of the AES encryption used to protect the communications. The vulnerability arises when a malicious client uses the GTK to send spoofed packets to another user on the network. GTKs do not have the ability to detect spoofed packets, an ability which does exist in PTKs.

Researcher Md Sohail Ahmad, who discovered the vulnerability, says it took around 10 lines of code added to open source driver software, and an off-the-shelf wireless adaptor in order to implement the exploit. By spoofing the MAC address of the access point, clients who receive the malicious packets, believe the sender to be the gateway, and respond using their PTK, which the attacker can then decrypt.

Exploiting the vulnerability is limited to users already authorised to the network, which mitigates the risk, but security studies repeatedly indicate security breaches from inside continue to be the biggest source of loss to businesses.

WPA2 is the latest encryption protocol available for wireless networking, and as yet, there is no successor ready to take its place in order to resolve this issue, it remains to be seen what the security community can devise to work around the problem in the protocol.


Samker's Computer Forum -


With Quick-Reply you can write a post when viewing a topic without loading a new page. You can still use bulletin board code and smileys as you would in a normal post.

Name: Email:
Type the letters shown in the picture
Listen to the letters / Request another image
Type the letters shown in the picture:
Second Anti-Bot trap, type or simply copy-paste below (only the red letters)

Enter your email address to receive daily email with ' - Samker's Computer Forum' newest content:

Terms of Use | Privacy Policy | Advertising