NEWS: Security shortcomings in WPA2 that threaten security of wireless networks
in [Wireless Internet]
|
Prev: NEWS: Apple's Droid X Death Grip Footage: Misleading and Frustating
Next: NEWS: Apple sued over hot iPad shutdowns
From: John Navas on 27 Jul 2010 18:43 Security researchers have discovered security shortcomings in the WPA2 protocol that threaten the security of wireless networks, even if they are running up-to-date security software. The hack involves generating arbitrary broadcast packets from a spoofed node that trick legitimate nodes in a targeted network into responding with queries that give away information about their secret keys. The traffic does not, of course, give away the private key directly, but it does provide enough clues for this information to be extracted by subsequent cryptanalysis and high-end number crunching. The attack was discovered by wireless security experts at AirTight Networks, who found it was possible to spoof the MAC address of a kosher access point by adding just 10 lines of code to the open source Madwifi driver and running this software on a standard PC, H Security reports. However, for the attack to succeed, hackers already need to be internal, authorised users of targeted networks. .... Exploiting the vulnerability, an insider can bypass WPA2 private key encryption and authentication to sniff and decrypt data from other authorized users as well as scan their Wi-Fi devices for vulnerabilities, install malware and possibly compromise those Wi-Fi devices. MORE: <http://www.theregister.co.uk/2010/07/27/wpa2_security/>
From: DanS on 28 Jul 2010 07:35
John Navas <spamfilter1(a)navasgroup.com> wrote in news:o3ou461psshmj7g5aqds51ukathcn5hq1e(a)4ax.com: Oh no!!!!!!!!! What are you going to recommend now ?! > Security researchers have discovered security shortcomings > in the WPA2 protocol that threaten the security of wireless > networks, even if they are running up-to-date security > software. > > The hack involves generating arbitrary broadcast packets > from a spoofed node that trick legitimate nodes in a > targeted network into responding with queries that give > away information about their secret keys. The traffic does > not, of course, give away the private key directly, but it > does provide enough clues for this information to be > extracted by subsequent cryptanalysis and high-end number > crunching. > > The attack was discovered by wireless security experts at > AirTight Networks, who found it was possible to spoof the > MAC address of a kosher access point by adding just 10 > lines of code to the open source Madwifi driver and running > this software on a standard PC, H Security reports. > However, for the attack to succeed, hackers already need to > be internal, authorised users of targeted networks. > > ... > > Exploiting the vulnerability, an insider can bypass WPA2 > private key encryption and authentication to sniff and > decrypt data from other authorized users as well as scan > their Wi-Fi devices for vulnerabilities, install malware > and possibly compromise those Wi-Fi devices. > > MORE: > <http://www.theregister.co.uk/2010/07/27/wpa2_security/> > |