It's time to be nostalgic for the days when you could count on WPA2 as the strongest, most impregnable wireless security standard. Security firm AirTight Networks has discovered a means of compromising WPA2 encryption using about ten lines of code.
Utilizing what's known as a "man in the middle" exploit, whereby an authorized member of an encrypted network can intercept private data to and from a router and inject their own malicious packets, researcher Sohail Ahmad has developed a simple method to "drop traffic, drop a [denial-of-service] attack, or snoop."
The AES encryption upon which WPA2 is based hasn't been compromised—rather, the attack exploits a part of the WPA2 standard that requires every user connected to the network to share a single encryption key. By using this shared key to act as an invisible mediator between clients and the access point, an attacker could manipulate data unbeknownst to anyone else on the network. This means that your WPA2 network isn't vulnerable to attacks from the outside, but rather (and more creepily) from those already trusted to join the network.
Ahmad says the attack can be pulled off using only open source software and an ordinary network card available to any consumer—exactly how will be demoed at the upcoming DEF CON 18 hacker fest. The best news? "There's nothing in the standard to upgrade to in order to patch or fix the hole," according to another AirTight researcher.
The only way to prevent an attack of this kind, according to AirTight, is by continuously "monitoring traffic over the air." Oh, and how convenient! AirTight Networks just so happens to sell wireless security consulting services. What would a good metaphor for this be? A barber throwing gum in your hair? Though of course, better for this to be discovered by wireless security experts—conflicts of interest aside—than by someone with more nefarious intent. [AirTight Networks via Network World via PC Mag]