Upshot of the WPA2 brouhaha

Nothing new, you say? Define 'new.'
Wireless Alert By Joanie Wexler, Network World
July 30, 2010 06:40 AM ET

We could argue about security all day long. Every move we make -- from breathing to crossing the street to sending credit card data over a wireless network -- contains a measure of risk. We continually draw mental lines between the risks that we just accept as facts of life and those we deem important enough to actively try to mitigate.

Specific to the wireless LAN industry, there are folks whose job it is to ferret out vulnerabilities that could be exploited and that current, standards-based technology might not address. One reason for their work, of course, is self-serving: to identify opportunities for their companies to build and sell security products that close the holes.

But security experts (at least, those on the right side of the law) tend to have an altruistic nature, too. Most want to keep the public informed so that holes aren't exploited out of WLAN operator ignorance.

Such is the case with AirTight Networks' Md Sohail Ahmad, who demonstrated a WPA2 vulnerability this week at two security conferences in Las Vegas. The vulnerability, which his company dubbed "Hole 196," is documented in passing in the 1200-page Wi-Fi standards document. In that sense, it's a known vulnerability, so dissenters argue that there's really nothing new.

What's new is someone noticing the language, figuring out how to exploit it, and suggesting that folks might want to be aware of it. Personally, I consider that a positive service to the industry. Apparently, so did the conference organizers at Black Hat and DEF CON 18, who invited Ahmad to demonstrate Hole 196 at their events.

After all, how many enterprises are aware of the vulnerability, and that the man-in-the-middle exploits of it that AirTight has been demonstrating might be happening as we speak? I'm going to go out on a limb and guess that not many WLAN administrators have read the 1200-page standard word for word and, even if they did, picked up on the broadcast, shared-key verbiage and its implications.

WLAN vendors, of course, are up in arms because they don't want people to think that Wi-Fi is broken. And, indeed, to imply that it is and that the sky is falling would be hyperbole. WPA2's AES-based encryption has not been cracked.

So should you worry or not?

I wouldn't put your WLAN deployments on hold, but, depending on your security risk profile, you might want to take this issue into account as you build your Wi-Fi security environment.

To help decide what tactics, if any, to take, here are a few defensive statements you are likely to hear or read about Hole 196 and a few things you should know about them:

* Rebuttal 1: "The same type of ARP poisoning attack can happen on an Ethernet LAN, as well. Everybody knows that."

Re-rebuttal: That's true. The difference is that today's intrusion detection and protection systems (IDS/IPS) that operate on wired networks detect and deflect these attacks. Hole 196 is contained on the wireless portion of the network only. According to the 802.11 standard, group keys, called Group Temporal Keys (GTKs) and used to encrypt and decrypt broadcast packets, are by definition unable to detect address spoofing and data forgery. Will wireless IDS/IPS products figure out a way to detect them in the near future? Probably.

Joanie Wexler is an independent networking technology writer/editor in Silicon Valley.
