Jul 30/10
Analysis after the demo: Hole 196 and the WPA2 vulnerability
Updated on Tuesday, 31 January 2012 01:10

You guys asked me to break out this information instead of posting as comments on the original post.

Here is more updated information on the WPA2 Hole 196 vulnerability now that AirTight has given the demo at BlackHat/Defcon.

John Cox at Network World put together a pretty nice final piece on the AirTight WPA2 Hole 196 vulnerability claims.

Included are quotes and details from me, AirTight, Matthew Gast (Aerohive), Robbie Gill (Aruba), John Pescatore (Gartner), Adam Conway (Aerohive) and Alan Amrod (Xirrus). Although I didn’t intend for him to quote my Southern-isms, they do relay the truth of the matter. Matthew has some great information you can find in other NWW articles on the attack.

Network World article
AirTight defends Wi-Fi WPA2 ‘vulnerability’ claim: A “publicity stunt?” Major threat? Or easily contained?
http://www.networkworld.com/news/2010/073010-airtight-wpa2-vulnerability.html

My wrap-up:
– It’s not a big deal
– The attack is very limited and must be conducted by an authenticated user against another user
– Both victim and attacker must be on the same SSID and on the same access point
– Smart WIPS will protect against the attack
– Client isolation (used in most enterprise environments) prevents the attack altogether

My original post
Additional comments are at the very bottom.
http://securityuncorked.com/2010/07/smoke-and-mirrors-the-upcoming-defcon-wpa2-crack/

# # #


9 Comments
  1. Ramki | Saturday, 31 July 2010 at 4:00 am

    Your wrap-up makes sense, but don’t you think this matters to corporate Wi-Fi use and targeted attacks? /Ramki

  2. jj | Saturday, 31 July 2010 at 8:15 am

    Ramki,
    No, I don’t. Because of the limitations, a wired or direct device attack would be possible and easier.

  3. WPA Too! | Monday, 02 August 2010 at 7:51 am

    Hi JJ,

    Your wrap-up doesn’t make sense to me.

    1. It’s not a big deal

    It’s definitely a big deal for those who take insider attacks seriously. The 2010 data breach indications report says that insider attacks have gone up. Here is a link to the article.
    http://darkreading.com/security/attacks/showArticle.jhtml?articleID=226300112

    ARP-spoofing-based MITM attacks in wired networks have been known for several years. In fact, wired network security has evolved over the years to the point that wired IDS/IPS and even network switches can readily catch and block this attack on the wire today. For the first time, a protocol-level vulnerability present in WPA2 allows a malicious insider to carry out a similar attack in a completely stealthy mode without getting detected by conventional security systems. This is just one example of a possible exploit of “Hole196”. There are other possible exploits of the GTK vulnerability, such as port scanning, DNS manipulation, malware injection etc.

    2. Attack is very limited and must be conducted by an authenticated user to another user

    Yes, it is limited and must be conducted by an authenticated user. But the fact that inter-user privacy is broken in WPA2 has been brought to the attention of WPA2 users and proved. Would you be OK if your colleague snooped into all your email exchanges and private data transmitted in the air?

    3. Both victim and attacker must be on the same SSID and on the same access point

    Not necessarily true. Once the insider attacker finds the “GTK” used by other WiFi users, he can move to connect to any other SSID, as long as both SSIDs are part of the same subnet, in order to carry out a MITM attack.

    4. Client isolation (used in most enterprise environments) prevents the attack all together

    Client isolation is not a standard feature, and the past indicates that it has been developed to provide defense against peer-to-peer attacks in a hotspot network environment. Since it requires a proprietary implementation, its reliability also depends on the underlying WLAN architecture, and hence there could be certain limitations of this feature, e.g. see the limitations of PSPF at this link:
    http://www.cisco.com/en/US/products/hw/wireless/ps430/products_qanda_item09186a00806a4da3.shtml

    It’s impractical to turn ON a feature like this in an enterprise environment wherein legitimate users want to share stuff from smartphones to laptops etc. The broadcast traffic introduced can’t be fixed by stopping unicast communication.

    Certain applications running over WiFi require two WiFi clients to talk to each other, e.g. in a Voice-over-WiFi deployment, you cannot really turn the client isolation feature ON.

    A little savvy insider can easily bypass the client-to-client or PSPF feature by using a wireless device to inject spoofed frames and a wired machine to carry out the MITM attack.

    The bottom line is no single solution is going to completely fix the problem. The real fix is to fix it in the protocol, which would take some time and opens a window of opportunity for the inside attacker. Hence a multi-layered defense should be adopted, e.g. use of the best security configuration for WiFi, an endpoint client security solution to detect ARP spoofing, ARP spoofing detection in the AP and controller, and an air monitoring system or WIPS to detect wireless attacks.
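The comment above lists ARP-spoofing detection at the endpoint, the AP and the controller as one of the defensive layers. As an added illustration of what that layer looks like in practice (this is not AirTight's, Cisco's or any WLAN vendor's code, and it is not part of the original post), the detector below keeps IP-to-MAC bindings and flags three patterns a GTK-based injection would produce: a protected address such as the default gateway claimed by the wrong MAC, a learned binding that silently changes, and replies nobody requested. The MAC addresses, IPs, frames and the trusted gateway entry are all constructed sample data.

```python
"""
Hypothetical ARP-spoofing detector of the kind the comment places
"in AP and controller" or in an endpoint agent. Added as an illustration;
it is not AirTight's, Cisco's or any WLAN vendor's code. All MACs, IPs
and frames below are constructed sample data.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class ArpFrame:
    ts: float          # capture time in seconds (constructed)
    op: str            # "request" or "reply"
    sender_mac: str
    sender_ip: str
    target_mac: str
    target_ip: str


@dataclass(frozen=True)
class Alert:
    ts: float
    kind: str
    detail: str


class ArpSpoofDetector:
    """Keeps IP->MAC bindings and flags ARP frames that contradict them."""

    def __init__(self, trusted: Dict[str, str], reply_window: float = 2.0):
        # Authoritative bindings (e.g. the default gateway, or entries
        # learned from DHCP snooping). Never updated from observed ARP.
        self.trusted = {ip: mac.lower() for ip, mac in trusted.items()}
        # Bindings learned from traffic that passed every check.
        self.learned: Dict[str, str] = {}
        # Recent requests, keyed by the IP being resolved.
        self.pending: Dict[str, Tuple[str, float]] = {}
        self.reply_window = reply_window
        self.alerts: List[Alert] = []

    def observe(self, f: ArpFrame) -> List[Alert]:
        """Process one frame; return the alerts it raised (possibly none)."""
        found: List[Alert] = []
        mac, ip = f.sender_mac.lower(), f.sender_ip

        # Check 1: a protected IP (typically the gateway) is claimed by a
        # MAC other than the authoritative one. This is the gateway
        # impersonation pattern that yields a MITM position.
        if ip in self.trusted:
            if self.trusted[ip] != mac:
                found.append(Alert(f.ts, "trusted-binding-violation",
                                   f"{ip} claimed by {mac}; trusted MAC is "
                                   f"{self.trusted[ip]}"))
        # Check 2: a previously learned binding silently changes.
        elif ip in self.learned and self.learned[ip] != mac:
            found.append(Alert(f.ts, "binding-change",
                               f"{ip} moved from {self.learned[ip]} to {mac}"))

        if f.op == "request":
            self.pending[f.target_ip] = (mac, f.ts)
        elif f.op == "reply":
            # Check 3: a reply nobody asked for recently. Gratuitous ARP
            # (sender_ip == target_ip) is a normal announcement and is
            # left to checks 1 and 2 rather than flagged here.
            req = self.pending.pop(ip, None)
            unsolicited = req is None or (f.ts - req[1]) > self.reply_window
            if unsolicited and ip != f.target_ip:
                found.append(Alert(f.ts, "unsolicited-reply",
                                   f"{mac} answered for {ip} to "
                                   f"{f.target_mac.lower()} without a request"))

        # Learn only from frames that passed every check, and never
        # overwrite an authoritative binding from observed traffic.
        if not found and ip not in self.trusted:
            self.learned[ip] = mac

        self.alerts.extend(found)
        return found


def analyze(frames: List[ArpFrame], trusted: Dict[str, str]) -> ArpSpoofDetector:
    """Run the detector over a frame sequence and return it for inspection."""
    det = ArpSpoofDetector(trusted)
    for f in frames:
        det.observe(f)
    return det


# Constructed sample: gateway .1, victim .10, a second client .20, and a
# station whose MAC ends in :99 that first answers for the gateway and
# then re-uses .20's address.
TRUSTED = {"10.0.0.1": "00:11:22:33:44:01"}
SAMPLE_FRAMES = [
    ArpFrame(0.00, "request", "aa:bb:cc:dd:ee:10", "10.0.0.10",
             "00:00:00:00:00:00", "10.0.0.1"),
    ArpFrame(0.01, "reply", "00:11:22:33:44:01", "10.0.0.1",
             "aa:bb:cc:dd:ee:10", "10.0.0.10"),
    ArpFrame(5.00, "reply", "00:11:22:33:44:99", "10.0.0.1",
             "aa:bb:cc:dd:ee:10", "10.0.0.10"),
    ArpFrame(6.00, "request", "aa:bb:cc:dd:ee:20", "10.0.0.20",
             "00:00:00:00:00:00", "10.0.0.10"),
    ArpFrame(7.00, "request", "00:11:22:33:44:99", "10.0.0.20",
             "00:00:00:00:00:00", "10.0.0.1"),
]

if __name__ == "__main__":
    for a in analyze(SAMPLE_FRAMES, TRUSTED).alerts:
        print(f"t={a.ts:5.2f} {a.kind}: {a.detail}")
```

The trusted table is the important design choice: bindings for the gateway and other critical hosts come from an authoritative source (static configuration or DHCP snooping) and are never relearned from ARP, so a forged broadcast carrying the gateway's IP is flagged no matter how often it is repeated. Learned bindings are only updated from frames that raised no alert, which keeps a spoofed frame from poisoning the detector's own table.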

  4. jj | Monday, 02 August 2010 at 8:58 am

    Dear WPA too,
    Based on your comments, I have a feeling you’re either a researcher or a theorist, not an actual implementation engineer. Please don’t take that the wrong way; you’re obviously very technically savvy but I think you’re misguided in how things work in the real enterprise world.

    1. Sure insider attacks are important to many organizations. However, as I said pretty succinctly in my write up, you could launch this attack MUCH more easily on the wire with less trouble and the same result.

    2. This is where I feel the real-world engineering is missing. Exchange messages, if the organization cares about the contents at all, are encrypted. They’re encrypted from the Exchange server to mail clients, to OWA (if used) and to mobile devices. The WPA2/GTK/ARP attack would not compromise encrypted data outside the realm of the AP-client encryption. So, that whole argument is a moot point. Aside from that, AGAIN, assuming that data was not encrypted, you’d have an easier go at it sniffing the wire and/or installing malware directly on your target’s endpoint.

    3. I think this is a pointless argument. Do you really envision an attacker walking with a laptop through a building, moving from AP to AP, so he or she can attack a user two floors away? C’mon, let’s be realistic. Also, if they’re on the same subnet, it means the enterprise has given the attacker and victim equal access rights. See my point? Go sniff the wire; it’s easier.

    4. Pointing to a Cisco technical document to discuss limitations of proprietary features doesn’t prove anything to me. I don’t consider Cisco to be on the cutting edge of wireless. Look at industry leaders; look at Aruba, Aerohive, Meru and companies that FOCUS on wireless and have good answers for this already in place.

    To address the second part of item 4; you’re wrong. It’s completely practical to enable client isolation in an enterprise. Why? Because security-conscious enterprises do not provide the same internal access handhelds as they do to managed endpoints and corporate laptops. Even if they did, you can enable client isolation per-SSID and put restrictions on the SSID’s connections through a variety of means. Many of our customers used network access technology that fingerprints devices (phones, iPads, VoIP handsets, laptop OS, printers, etc) and assigns the proper segmented access (wired or wireless). It’s not theoretical, it works and it works well.

    I’m sure you know this already, but VoIP communications, ESPECIALLY over wireless would always have their own network and VLAN, making your third point here also irrelevant.

    To address the final statements, IEEE already has an 802.1X-REV suite that may address parts of this vulnerability. I’ve also heard from WIPS vendors that certain solutions would detect this attack.

    The bottom line is this: an already-documented vulnerability was brought to light and leveraged in a clever way to make people aware of possible risks. We have the technology already available to combat this attack; all we have to do now is USE that technology appropriately.

    IT’S LIKE REALIZING YOU NEED TO LOCK YOUR 2ND FLOOR WINDOWS AFTER YOUR NEIGHBOR’S HOUSE IS BROKEN IN TO BY A THIEF WITH A LADDER.

    -jj

  5. FVT | Monday, 02 August 2010 at 9:15 am

    JJ,

    I have to agree with your response. Fundamentally, if the attacker is able to already authenticate on your AP (in an enterprise WPA/WPA2 configuration), why would he/she even bother to launch this attack? Probably more beneficial to see what is accessible and open on the infrastructure – why waste time trying to capture traffic for one user when you could be exploiting a much larger footprint.

    –t

  6. WPA Too! | Monday, 02 August 2010 at 12:04 pm

    Hi JJ,

    Thanks for your reply. I wish I could be any of them you mentioned.

    I would like to share my understanding about the “Hole196” issue:

    1. If similar attacks (I know it’s possible) are possible in a much easier way on the wire, then one should be more worried about protecting wired networks first than about “Hole196”. Hope you know how to do it.

    2. I always say multi-layer security should be adopted. If an application is using its own encryption, which can’t be beaten by a MITM attack, then it’s the stealthiest network.

    3. No, it’s not needed! The radio waves from access points in the proximity will travel to you and will do the job for you.

    Though the weakness of the WPA2 encryption key (GTK) was mentioned in the standard, it came as a surprise to the so-called experts and architects of the wireless industry.

    I am happy to know that the technology is already available to combat this attack.

    Thanks

  7. nalirog | Thursday, 05 August 2010 at 11:45 pm

    Hi WPA Too!

    >Thanks for your reply. I wish I could be any of them you mentioned.

    Being a researcher or a theorist would have been good excuses to be hyping up the dangers of an insignificant exploit. Self benefit must be your motivation – publicity and fear to help sell your product. Pathetic fear mongering – the lowest form of marketing in the security industry.

    >Though, the weakness of WPA2 encryption key (GTK) was mentioned in
    >the standard, it came out as a surprise to the so called experts and
    >architects of wireless industry.

    It was well documented in several places by the real experts. It’s just not very interesting. Rational analysis looks at the vulnerability and associated risks of an exploit. As has been pointed out, this is a fairly worthless and boring exploit. Once an attacker has access, the attack risks are much higher from other vectors.

    >I am happy to know that the technology is already available to
    >combat this attack.

    Yes – the industry knows that you sell a product, but why would they trust a company that needs to work so hard to make a small vulnerability appear large.

  8. jj | Friday, 06 August 2010 at 9:34 am

    Nalirog,
    Geez! You’re tougher on them than I am ;)

    It was a clever use of the vulnerability, in some ways; I just don’t think there’s much importance to the findings or practical application for an attack. Points for good research, not so much real-world use.

    -jj

  9. safety | Sunday, 21 September 2014 at 6:22 pm

    Greetings from Florida! I’m bored to death at work
    so I decided to check out your blog on my iphone during lunch break.
    I enjoy the info you present here and can’t wait to take a look when I get home.
    I’m shocked at how quick your blog loaded on my mobile ..

    I’m not even using WIFI, just 3G .. Anyhow, good site!
