“Hole 196″ was recently discovered at AirTight Networks, and endangers the strongest form of Wi-Fi encryption and authentication standard currently available.
The name refers to the page of the IEEE802.11 Standard (Revision, 2007) where the vulnerability is found.
It makes it possible for someone to decrypt private data and inject malicious “traffic” into the network, according to the AirTight Networks researcher who discovered the flaw, Md Sohail Ahmad, technology manager. He will reportedly demo Hole 196 at two conferences in Los Vegas next week.
Ahmad was able to use open sourse software and an off-the-shelf client card to spoof the network, pretending to be the gateway for transmitting traffic. From there, using Hole 196 “the malicious insider could drop traffic, drop a [denial-of-service] attack, or snoop”.
Can we fix it? No, says Kaustubh Phanse, Airtight’s wireless architect. “There’s nothing in the standard to upgrade to, in order to patch or fix the hole.” He describes the flaw as a “zero-day vulnerability that creates a window of opportunity” for exploitation.
What does that mean for you and me? That we can’t depend on our password for security over our wireless networks!
If you do financial business over the Internet, my recommendation is to use a wired connection, rather than wireless.
No related posts.
Related posts brought to you by Yet Another Related Posts Plugin.
