Tuesday, July 27, 2010

Vulnerability found in WPA2

Recently, a vulnerability was found in WPA2 protocol. It is an insider vulnerability where authenticated attacker could launch a "Man in the Middle" attack by decrypting and injecting malicious traffic into the wireless network.

WPA2 is currently the strongest WiFi encryption and authentication protocol available. According to the researcher in AirTight networks, this vulnerability is a design loophole in IEEE 802.11 Standard.

Based on the standard, Group Temporal Key (GTK), which is used to protect broadcast data sent to multiple clients, is using a common shared key. This allows authenticated user to use the common key to encrypt and sends spoofed packets to other clients.

Currently there isn't any patch on this standard.

Related Report:
- NetworkWorld: WPA2 vulnerability found

No comments: