Researchers Discover Vulnerability in WPA2

Wireless security researchers state that they have discovered a new vulnerability in WPA2 security protocol, the strongest technique of Wi-Fi encryption and authentication currently used, as reported by PCWORLD on July 25, 2010.

Malicious insiders could exploit this vulnerability, referred "Hole 196," by Md Sohail Ahmed, AirTight Technology Manager. In fact, Md Ahmed is credited with the discovery of vulnerability at wireless company AirTight Networks.

"Hole 196" vulnerability could result in the potential fatal attack in which an insider could easily penetrate into the WPA2 private key encryption and authentication to check the authorized devices for vulnerabilities, upload malware and pilfer private or sensitive information from the devices.

The successful insertion of malware could infect the machine in different ways and there was a strong possibility of malware propagation on other machines linked to the network.

Pravin Bhagwat, CTO for AirTight, said that unlike the TJX breach in which data was pilfered over unprotected WiFi, the discovery was a serious concern because the organization relied on WPA2 for its strong encryption and authentication, as reported by infosecurity on July 26, 2010.

The researchers revealed that WPA2 used two different types of keys. First type of key is Pairwise Transient Key (PTK). It is unique to every client and protects unicast traffic. The second type of key is Group Temporal Key (GTK), which is employed for the protection of broadcast data sent to several clients on a network. However, PTKs could identify spoofed address and data forgery, but GTK's doesn't have this property.

The AirTight experts said that this was the crux of the matter because it permitted a client to develop arbitrary broadcast packets. Other clients respond to these packets with information about their secret PTKs that could be decrypted by attackers.

According to the AirTight, the capability to abuse the vulnerability is confined to authorized users, as reported by NETWORKWORLD on July 23, 2010.

Commenting on the issue, the security experts said that the study had shown that insider security breaches caused heavy losses to businesses either from the disgruntled employees or spies who pilfer and sell information.

Related article: Researchers Urge Caution against phishing Scams

» SPAMfighter News - 8/5/2010