Sign up for a customized personal demo with an AirTight expert.
WPA2 Secured Wi-Fi Vulnerable to Insider Attacks Despite AES Encryption and 802.1x Authentication
Mountain View, Calif. - August 5, 2010 - AirTight Networks, the leading provider of wireless intrusion prevention systems and services (WIPS), demonstrated the first detection and location methodology against the WPA2 'Hole196'. The exploit was detailed by senior wireless security researcher, Md Sohail Ahmad, last week at Black Hat and DEFCON. The 'Hole 196' vulnerability exposes secured wireless networks to a key 'loophole' that allows authorized users to:
"While there are several steps companies can take to mitigate this threat in their infrastructure, a layered approach to security remains the best practice," said Pravin Bhagwat, CTO of AirTight. "WIPS provides a faster path for detecting and managing new threats until appropriate software fixes and configuration changes are implemented in the infrastructure."
Using AirTight's SpectraGuard Enterprise WIPS, organizations can:
While AirTight's findings indicate that this vulnerability is only exploitable by an authorized user of the wireless network, they are of concern because organizations are relying on WPA2 for its strong encryption and authentication. And the footprint of such insider attacks is limited to the air, making detection of such attacks difficult through wire-side monitoring systems only. Indeed during its recent Webinar on the subject, 86% of the almost 200 attendees responded to the poll question, "Are you concerned about insider threats?" with a resounding yes.
"Although Hole196 is an insider attack, it demonstrates that security measures in WLAN infrastructure can be bypassed in ways previously thought not possible. A layered approach to security not only protects against holes in WLAN defenses, but also protects against bigger and more severe threats such as Rogue APs and Soft APs planted maliciously or inadvertently by insiders," continued Bhagwat.
Indeed insider threats continue to be the biggest challenge to IT and source of loss to the business. In the January 2010 Cybersecurity Watch Survey by CERT, CSO and Deloitte noted, "51% of respondents who experienced a cyber security event were still victims of an insider attack," even though the top 15 security policies were aimed at preventing insider attacks. Additionally, the report said that "Insider incidents are more costly than external breaches," which makes such insider vulnerabilities more concerning.
Unlike the WPA-TKIP vulnerability (announced in November of 2008) that was largely of theoretical interest, the 'Hole196' vulnerability can be practically exploited using existing open source software as the basis.
About AirTight Networks
AirTight is a registered trademark of AirTight Networks; the AirTight Networks logo, and Marker Packet are trademarks of AirTight Networks, Inc. All other trademarks are the property of their respective owners.