Hole196: vulnerability in WPA2, following the webinar

    On August 4, a webinar was held on the Hole196 vulnerability in WPA2 encryption for WiFi networks. The first report of this vulnerability appeared at the Black Hat 2010 conference in Las Vegas in July 2010.

    The basis for the vulnerability. Under WPA2, a successfully authorized client receives one key for unicast traffic and one group key for broadcast traffic (the GTK), and the GTK is shared by every client of the access point. The encryption of the broadcast stream is designed so that a receiver cannot detect that the sender's MAC address has been spoofed (see page 196 of the IEEE 802.11 standard). That page number gave the vulnerability its name.

    Speakers at the webinar proposed two ways to exploit the vulnerability:

    Method one. A successfully authorized network client sends a broadcast ARP request announcing that it is the default gateway. As a result, the other clients on the network send their traffic to it instead of to the host that was the gateway before.

    But what about encryption? It is simple: each client, as before, sends its encrypted stream to the access point, which in turn decrypts it and forwards it to the forged gateway.


    The forged gateway can be either a node on the wireless network or a node on the wired network.
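    As an added illustration (not from the webinar or the original post), a small detector for the "I am the default gateway" broadcast from method one: because every client holds the same GTK, the receiver cannot reject the spoofed frame, so a monitor on the access point or the wired side instead watches for the gateway IP being claimed by a second MAC. ArpFrame, detect_gateway_spoof and the sample addresses are all assumptions constructed for this example.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

@dataclass(frozen=True)
class ArpFrame:
    """Minimal view of an ARP frame as a sniffer on the AP or wired side would report it."""
    opcode: int       # 1 = request, 2 = reply
    sender_mac: str
    sender_ip: str
    target_ip: str

def detect_gateway_spoof(frames: List[ArpFrame], gateway_ip: str,
                         known_mac: Optional[str] = None) -> List[Tuple[str, str]]:
    """Return (known_mac, offending_mac) for every frame in which a second MAC claims gateway_ip.

    Every ARP frame carries a sender binding, and a gratuitous request
    (sender_ip == target_ip) is exactly how a station announces itself as the
    gateway to all clients at once, so requests and replies are both checked.
    Seed known_mac from the router's configuration where possible; otherwise the
    first claim seen is trusted, which a monitor started late could get wrong.
    """
    bindings: Dict[str, str] = {gateway_ip: known_mac} if known_mac else {}
    alerts: List[Tuple[str, str]] = []
    for f in frames:
        if f.sender_ip != gateway_ip:
            continue
        known = bindings.setdefault(gateway_ip, f.sender_mac)
        if f.sender_mac != known:
            alerts.append((known, f.sender_mac))
    return alerts

# Constructed sample traffic (all MAC and IP values are invented): a reply from the
# real gateway, an ordinary request from a client, then a gratuitous broadcast
# request from a different station claiming the gateway's address.
SAMPLE_FRAMES = [
    ArpFrame(2, "aa:aa:aa:00:00:01", "192.168.1.1", "192.168.1.20"),
    ArpFrame(1, "aa:aa:aa:00:00:20", "192.168.1.20", "192.168.1.1"),
    ArpFrame(1, "bb:bb:bb:00:00:99", "192.168.1.1", "192.168.1.1"),
]

if __name__ == "__main__":
    for known, new in detect_gateway_spoof(SAMPLE_FRAMES, "192.168.1.1"):
        print(f"ALERT: {new} also claims gateway 192.168.1.1 (known MAC {known})")
```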

    Method two. Denial of service. The attacker sends a large number of broadcast packets, which blocks the operation of the network.

    Measures proposed by the authors of the discovery:
    - Remove the GTK from WPA2 and encrypt broadcasts the same way as unicast traffic;
    - Use their wonderful software to detect attacks;

    The authors hint rather transparently that WPA2 should guarantee that a client's data stream is protected not only from the outside world but also from its network neighbors.

    What I want to note in summary.
    1. To carry out these attacks, you need to be able to connect to the network.
    2. The credentials other clients use to connect (passwords, certificates) remain unknown.
    3. The same thing can be done simply by connecting to the wire behind the access point.

    In my opinion, the protocol has not been broken. The ability to pose as the default gateway has long been known, and it can be countered one way or another. The hints about guaranteeing isolation between neighbors on the network look more like speculation, especially considering that after the access point the data streams of all clients are decrypted and merged into one.

    Those who wish can watch and listen to the webinar recording at:
    https://m2l.market2lead.com/wt/lt.do?m2lc=1209453900-54-1216016214