Thread: WPA Xposed-Hole 196
07-27-2010, 05:26 PM #1
When something is scrutinized for long enough and with enough depth, flaws will be uncovered. This time the victim is WPA2, the strongest protection for your Wi-Fi network which is standardized.
A new hole was recently discovered to cause a vulnerability in the WPA2 security protocol of Wi-Fi connections. The vulnerability can infuse malicious traffic over a network, once a user acquires information from others. This Hole 196, as named by the researcher who revealed it, then allows exploits without even using any brute force strategies.
The Advanced Encryption Standard (AES) derivative on which WPA2 is based has not been cracked and no brute force is required to exploit the vulnerability, Ahmad says. Rather, a stipulation in the standard that allows all clients to receive broadcast traffic from an access point (AP) using a common shared key creates the vulnerability when an authorized user uses the common key in reverse and sends spoofed packets encrypted using the shared group key.
WPA2 uses two types of keys: 1) Pairwise Transient Key (PTK), which is unique to each client, for protecting unicast traffic; and 2) Group Temporal Key (GTK) to protect broadcast data sent to multiple clients in a network. PTKs can detect address spoofing and data forgery. GTKs do not have this property, according to page 196 of the IEEE 802.11 standard.
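The PTK/GTK difference described in the post above can be seen in a small model. This is an added example, not part of the original post: HMAC-SHA256 stands in for WPA2's real frame protection, and the station names, the `Bss` class and the helper functions are constructed for illustration.

```python
import hashlib
import hmac
import os

BROADCAST = "ff:ff:ff:ff:ff:ff"
AP = "ap"  # constructed station names, not real MAC addresses

def mic(key, src, dst, payload):
    """Integrity tag over sender, receiver and payload (HMAC stands in for CCMP)."""
    return hmac.new(key, f"{src}|{dst}|".encode() + payload, hashlib.sha256).digest()

def make_frame(key, src, dst, payload):
    return {"src": src, "dst": dst, "payload": payload, "mic": mic(key, src, dst, payload)}

class Bss:
    """Toy network: one PTK per client, one GTK shared by every client."""
    def __init__(self, clients):
        self.ptk = {c: os.urandom(32) for c in clients}
        self.gtk = os.urandom(32)

    def keys_held_by(self, client):
        # An authorized client holds only its own PTK, plus the common GTK.
        return {"ptk": self.ptk[client], "gtk": self.gtk}

def accepts(bss, receiver, frame):
    """Client-side check: broadcast is verified under the GTK, unicast under the receiver's PTK."""
    held = bss.keys_held_by(receiver)
    key = held["gtk"] if frame["dst"] == BROADCAST else held["ptk"]
    expected = mic(key, frame["src"], frame["dst"], frame["payload"])
    return hmac.compare_digest(expected, frame["mic"])

def demo():
    bss = Bss(["alice", "bob"])
    bob = bss.keys_held_by("bob")  # bob is an authorized client
    genuine = make_frame(bss.gtk, AP, BROADCAST, b"from the AP")
    # Same claimed sender, but built with the keys bob legitimately holds.
    forged_group = make_frame(bob["gtk"], AP, BROADCAST, b"from bob, claiming to be the AP")
    forged_unicast = make_frame(bob["ptk"], AP, "alice", b"from bob, claiming to be the AP")
    return {
        "genuine_broadcast": accepts(bss, "alice", genuine),
        "forged_broadcast": accepts(bss, "alice", forged_group),
        "forged_unicast": accepts(bss, "alice", forged_unicast),
    }

if __name__ == "__main__":
    print(demo())
```

The receiver cannot tell the genuine broadcast from the one built by another group member, because the tag only proves knowledge of the shared key; the unicast check fails because the pairwise key is not shared.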