Monday, July 26, 2010

Wi-Fi vulnerability of WPA 2 unearthed


A few lines of code have enough for a researcher threaten the security of WPA 2. But the faultdiscovery is exploited by users already registered on the network.

BlackHat and Defcon conferences, which take place in the coming days the United States, starting on hubcaps. Sohail Ahmed, a researcher at Airtight Networks, a company specializing in secure wireless networks, has discovered a vulnerability in WPA2. He called it Hole 96 (or "hole 196") because it is on page 196 of the long description of the standard that is the fault he has managed to exploit.
Please note, this vulnerability does not "break" the password protection of a WPA2 wireless network to operate, it must in practice be a user already registered on the network, which greatly limits the scope this fault.

If there is no "crack" the encryption key, an attacker already registered on the wireless network might instead use this flaw to launch a "Man in the Middle attack (" attack of the man in the middle ") to intercept and decrypt the communications of its peers on the network encrypted, rob or break into a machine and infect it with malware.

As effective as discrete
"The vulnerability Hole 96 can be operated using open-source software as a basis," says Airtight network in a statement. According to our colleagues at Network World, Sohail Ahmad merely amended ten lines of code in a Wi-Fi driver is open source to achieve its purposes ...

Moreover, Airtight indicates that "the imprint of these attacks came from a machine that is allowed on the network is limited to wireless communication, which makes it one of the quietest known attacks [...]. The only way to detect it is to monitor traffic on the wireless network. A good marketing momentum, since the monitoring of traffic, it is just one of the services that company offers ...

This vulnerability is in any case here to stay: no update is provided in the standard to address them. Whether we are reassured all the same, it will not allow an attacker wishing to download illegally anonymously from your DSL line draw you in trouble with the Hadopi if you are protected WPA2. Only a device registered in advance on your network could actually cause damage. Unlike individuals, companies should have to worry about: according to a study reported by CERT Airtight Security, 51% of cyber security issues in business would come from internal sources, authorized on the network.
مرسلة بواسطة في

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Tags

acer (5) Android (25) Apple (15) BlackBerry (5) BMW (2) car (6) Cars (3) CES (21) CES 2014 (40) console (7) consoles (8) display (12) displays (3) download (4) Ericsson (2) Full HD (18) Galaxy (8) games (14) Google (7) HTC (4) iPad (5) iPhone (12) Kindle Fire (2) laptops (3) LED (5) Lenovo (5) LG (11) Lumia (4) Mercedes (5) Microsoft (8) Microsoft Windows 8 (6) Mobile (6) Motorola (3) MWC 2012 Reviews (7) Nissan (1) Nokia (9) notebooks (1) PC (14) phones (5) PlayStation 3 (1) price (37) prices (5) PS3 (5) PSP (1) review (15) Reviews (14) Samsung (28) Samsung Galaxy SIII (1) science (1) Screen (30) smartphone (33) Smartphones (13) sony (11) technology (26) TVs (8) update (6) Wii U (10) Xbox 720 (1)