WPA2 Vulnerability Found [PC World]
It's currently the strongest security and encryption protocol on most wireless routers, but one computer security expert claims to have found a flaw in WPA2. Calling it "Hole 196," a researcher at wireless security firm AirTight Networks that discovered the problem named it after the page in the IEEE 802.11 standard where the information that lead to the flaw's discovery is found.
Hole 196 allows for a so-called "man-in-the-middle" attack, meaning that the vulnerability can only be exploited by a user with legitimate access to a WPA2 protected network. Once inside, a user can disguise his computer as an access point for the network, fooling other computers connected to the network to receive potentially harmful traffic from the spoofed access point.
According to the researcher, the equipment and software necessary to initiate such an attack on a network are easily obtained and there currently isn't anything within the WPA2 standard that would allow for Hole 196 to be patched. For now, the good news is that an attacker must have legitimate access to a WPA2 protected network to exploit Hole 196, and it's likely that the publication of this researcher's work will lead to a fix for the vulnerability in WPA2.
Comments