WPA2 Secured Wi-Fi Vulnerable to Insider Attacks Despite AES Encryption and 802.1x Authentication

Mountain View, Calif. - August 5, 2010 - AirTight Networks, the leading provider of wireless intrusion prevention systems and services (WIPS), demonstrated the first detection and location methodology against the WPA2 'Hole196' vulnerability. The exploit was detailed by senior wireless security researcher Md Sohail Ahmad last week at Black Hat and DEFCON. The 'Hole196' vulnerability exposes secured wireless networks to a key 'loophole' that allows authorized users to:

  • Bypass WPA2 inter-user data privacy and decrypt data from other users in the network
  • Launch Man-in-the-Middle attacks
  • Launch Denial of Service (DoS)

"While there are several steps companies can take to mitigate this threat in their infrastructure, a layered approach to security remains the best practice," said Pravin Bhagwat, CTO of AirTight. "WIPS provides a faster path for detecting and managing new threats until appropriate software fixes and configuration changes are implemented in the infrastructure."

Using AirTight's SpectraGuard Enterprise WIPS, organizations can:

  • detect anomalous traffic from authorized access points (APs) which could indicate the presence of a packet injection attack
  • physically locate the position of the attacker
  • gain forensics information on inter-client communication

While AirTight's findings indicate that this vulnerability is only exploitable by an authorized user of the wireless network, they are of concern because organizations are relying on WPA2 for its strong encryption and authentication. The footprint of such insider attacks is also limited to the air, making them difficult to detect through wire-side monitoring systems alone. Indeed, during its recent Webinar on the subject, 86% of the almost 200 attendees responded to the poll question, "Are you concerned about insider threats?" with a resounding yes.

"Although Hole196 is an insider attack, it demonstrates that security measures in WLAN infrastructure can be bypassed in ways previously thought not possible. A layered approach to security not only protects against holes in WLAN defenses, but also protects against bigger and more severe threats such as Rogue APs and Soft APs planted maliciously or inadvertently by insiders," continued Bhagwat.

Indeed, insider threats continue to be the biggest challenge to IT and source of loss to the business. The January 2010 Cybersecurity Watch Survey by CERT, CSO and Deloitte noted, "51% of respondents who experienced a cyber security event were still victims of an insider attack," even though the top 15 security policies were aimed at preventing insider attacks. Additionally, the report said that "Insider incidents are more costly than external breaches," which makes such insider vulnerabilities more concerning.

Unlike the WPA-TKIP vulnerability (announced in November of 2008) that was largely of theoretical interest, the 'Hole196' vulnerability can be practically exploited using existing open source software as the basis. 
 
AirTight presented a public Webinar yesterday to detail its findings and demo the detection technique and will post the recording on its Website. Additional information about the 'Hole196' vulnerability can be found at http://www.airtightnetworks.com/wpa2-hole196

About AirTight Networks
AirTight Networks is the global leader in wireless security and compliance solutions. AirTight's patented technology protects enterprises from the growing problem of Wi-Fi security threats, while allowing organizations to better manage their WLAN environment and comply with emerging wireless compliance standards (i.e. PCI). The Company's award-winning SpectraGuard wireless intrusion prevention solution (WIPS) family provides enterprise security and compliance professionals with unparalleled capabilities to accurately detect, classify, block and locate all Wi-Fi security threats, while helping network operations staff to quickly monitor and troubleshoot WLAN performance issues. AirTight's pioneering Cloud Services family of cloud-hosted subscription services delivers the world's first and only "No Capex" multitenant WIPS, PCI wireless compliance and controller-less WLAN access solutions all in a single device.

AirTight's award-winning solutions are used by customers globally in the government, financial, retail, hospitality, telecom, technology, manufacturing, transportation, healthcare and education sectors. AirTight owns the seminal patents for wireless intrusion prevention technology with 23 U.S. and international patents granted to date (UK, Australia, Japan) and more than 20 additional patents pending. AirTight Networks is a privately held company based in Mountain View, CA.

Media Contacts:
Della Lowe
AirTight Networks
Tel: +1 (650) 934 8191
della.lowe@airtightnetworks.com

AirTight Networks and the AirTight Networks logo are trademarks; AirTight, SpectraGuard and VLAN Policy Mapping are registered trademarks of AirTight Networks, Inc. All other trademarks are the property of their respective owners.
