WPA2 Might Be Spoofed!

WPA2 (Wireless Protected Access ver. 2.0) – is the second version of a set of algorithms and protocols that protect data in wireless networks. As expected, WPA2 should significantly increase the security of wireless networks Wi-Fi compared with previous technologies. The standard provides the mandatory use of more powerful encryption algorithm AES (Advanced Encryption Standard) and authentication of 802.1X.

Panel of researchers reported discovering vulnerability in this protocol while it is widely used as a secure standard for wireless network. AirTight Networks said that this vulnerability concerns networks that match the IEEE802.11 Standard. The first demonstration of this vulnerability will be held in Defcon 18 on this week at Vegas.

Hole 196 is the name of this vulnerability and it uses the Man-in-the-middle method of attack, where the user is authorized in a WiFi network to intercept and decrypt all data transmitted and received by others on the same wireless network. Information that the exploit code will be publicly available, so that everyone can test it and use it, while there will be update by and standardizing bodies have been able to make adjustments in WP2.

Md Sohail Ahmad who will be demonstrating the attack at Defcon says that it took about 10 lines of code in open source MadWiFi driver software, freely available on the Internet, and an off-the-shelf client card for him to spoof the MAC address of the AP, pretending to be the gateway for sending out traffic. Clients who receive the message see the client as the gateway and “respond with PTKs”, which are private and which the insider can decrypt.

We will be following this research especially that all Access points are using this protocol and there should be un update available before the demo to fix this vulnerability.

make sure you subscribe to my RSS feed!

Share
Subscribe
Notify of
guest
11 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments
trackback

[…] This post was mentioned on Twitter by SecureArabia, Mourad Ben Lakhoua, Everson Tavares, Mourad ben lakhoua, Lance Miller and others. Lance Miller said: RT @MBenLakhoua: WPA2 Might Be Spoofed!: WPA2 (Wireless Protected Access ver. 2.0) – is the second version of a set of algo… http://bit.ly/bgTUyC […]

trackback

RT @Security_FAQs: WPA2 Might Be Spoofed! http://bit.ly/awYZeE

trackback

RT @Security_FAQs: WPA2 Might Be Spoofed! http://bit.ly/awYZeE #wpa #security

trackback

WPA2 Might Be Spoofed! http://bit.ly/awYZeE

trackback

RT @MBenLakhoua: RT @sectechno: #WPA2 Might Be Spoofed! https://www.sectechno.com/2010/07/26/wpa2-might-be-spoofed/ #security #infosec

trackback

RT @sectechno: #WPA2 Might Be Spoofed! https://www.sectechno.com/2010/07/26/wpa2-might-be-spoofed/ #security #infosec

trackback

RT @MBenLakhoua: WPA2 Might Be Spoofed!:

WPA2 (Wireless Protected Access ver. 2.0) – is the second version of a set of algo… http://bit.ly/bgTUyC

trackback

WPA2 Might Be Spoofed!: [sectechno.com] (Wireless Protected Access ver. 2.0) is the second version of a set of… http://dlvr.it/34345

trackback

RT @MBenLakhoua: WPA2 Might Be Spoofed!:

WPA2 (Wireless Protected Access ver. 2.0) – is the second version of a set of algo… http://bit.ly/bgTUyC

trackback

RT @MBenLakhoua: RT @sectechno: #WPA2 Might Be Spoofed! https://www.sectechno.com/2010/07/26/wpa2-might-be-spoofed/ #security #infosec

trackback

RT @sectechno: #WPA2 Might Be Spoofed! https://www.sectechno.com/2010/07/26/wpa2-might-be-spoofed/ #security #infosec