June 19, 2021

WPA2 Vulnerability: Hole 196

AirTight Networks discovered a vulnerability in the WPA2 protocol. WPA2 uses two keys: the PTK (Pairwise Transient Key), which is unique to every Wi-Fi client and used for unicast traffic, and the GTK (Group Temporal Key), which is used for broadcasts. Forged or injected data and spoofed MAC addresses can be detected with the PTK; the GTK does not offer this functionality. The security hole was named Hole 196 after the number of the relevant page in the IEEE 802.11 (2007) standard document.

According to the AirTight Networks website, an intruder could use this vulnerability to bypass WPA2 private key encryption and authentication to sniff and decrypt data.

This vulnerability will be demonstrated at the Black Hat Arsenal and at DEFCON18 in a presentation entitled “WPA Too?!” in Las Vegas on July 29 and July 31, 2010, respectively.

This vulnerability is due to a weakness in the standard and it cannot be fixed by an update patch.
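
A simplified model of the PTK/GTK difference described above, as an added example that is not from the original post or from AirTight. HMAC-SHA256 stands in for WPA2's CCMP integrity check, and the `Station` class, `tag` helper, `AP` label and payload are constructed for illustration.

```python
import hashlib
import hmac
import os

AP = "ap"  # constructed sender label standing in for the access point's MAC address


def tag(key: bytes, sender: str, payload: bytes) -> bytes:
    """Integrity tag over the claimed sender and payload (HMAC stands in for CCMP)."""
    return hmac.new(key, sender.encode() + b"|" + payload, hashlib.sha256).digest()


class Station:
    def __init__(self, gtk: bytes):
        self.ptk = os.urandom(32)  # pairwise key: shared only by this station and the AP
        self.gtk = gtk             # group key: identical on every associated station

    def accepts_unicast(self, sender: str, payload: bytes, mic: bytes) -> bool:
        # Verifies under this station's own PTK, so only the AP can produce a valid tag.
        return hmac.compare_digest(mic, tag(self.ptk, sender, payload))

    def accepts_broadcast(self, sender: str, payload: bytes, mic: bytes) -> bool:
        # Verifies under the GTK: proves "some key holder sent this", not which one.
        return hmac.compare_digest(mic, tag(self.gtk, sender, payload))


def run_model() -> dict:
    gtk = os.urandom(32)
    receiver, insider = Station(gtk), Station(gtk)
    data = b"constructed sample payload"
    return {
        # The AP knows the receiver's PTK, so its unicast frame verifies.
        "ap_unicast": receiver.accepts_unicast(AP, data, tag(receiver.ptk, AP, data)),
        # Another station only has its own PTK; a frame claiming to be from the AP fails.
        "spoofed_unicast": receiver.accepts_unicast(AP, data, tag(insider.ptk, AP, data)),
        # Any associated station holds the GTK, so the same spoofed sender verifies.
        "spoofed_broadcast": receiver.accepts_broadcast(AP, data, tag(insider.gtk, AP, data)),
    }


if __name__ == "__main__":
    for case, accepted in run_model().items():
        print(f"{case}: {'accepted' if accepted else 'rejected'}")
```

The third case is the structural point: the receiver's check passes because the key is shared by design, which is why the weakness sits in the standard and not in any one implementation.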
