SlideShare a Scribd company logo

WPA2 Hole196 Vulnerability FAQs

AirTight Networks
AirTight Networks

"Hole196" is a vulnerability in the WPA2 security protocol exposing WPA2-secured Wi-Fi networks to insider attacks. AirTight Networks uncovered a weakness in the WPA2 protocol, which was documented but buried on the last line on page 196 of the 1232-page IEEE 802.11 Standard (Revision, 2007). Thus, the moniker “Hole196.” This document explains most of the FAQs about Hole196

Technology
1 of 4
Download to read offline
WPA 2 Hole196 Vulnerability – FAQ What is the “Hole196” vulnerability? "Hole196" is a vulnerability in the WPA2 security protocol exposing WPA2-secured Wi-Fi networks to insider attacks. AirTight Networks uncovered a weakness in the WPA2 protocol, which was documented but buried on the last line on page 196 of the 1232-page IEEE 802.11 Standard (Revision, 2007). Thus, the moniker “Hole196.” Central to this vulnerability is the group temporal key (GTK) that is shared among all authorized clients in a WPA2 network. In the standard behavior, only an AP is supposed to transmit group-addressed data traffic encrypted using the GTK and clients are supposed to decrypt that traffic using the GTK. However, nothing in the standard stops a malicious authorized client from injecting spoofed GTK-encrypted packets! Exploiting the vulnerability, an insider (authorized user) can sniff and decrypt data from other authorized users as well as scan their Wi-Fi devices for vulnerabilities, install malware and possibly compromise those devices. In short, this vulnerability means that inter-user data privacy among authorized users is inherently absent over the air in a WPA2-secured network. Can this vulnerability be exploited only by insiders, or can an outsider also hack into a WPA2 network using Hole196? To exploit Hole196, a malicious user needs to know the group key (GTK) shared by the authorized users in that Wi-Fi network. So only an insider (authorized user) of a WPA2 network, having access to the GTK can exploit this vulnerability. If Hole196 can be exploited only by insiders, should we really worry about it? Extensive survey reports consistently show that insider attacks are the most common and costliest threat to enterprise data and network security. For instance, refer to the following two reports: 2010 CyberSecurity Watch Survey by CERT, CSO and Deloitte 2010 Verizon Data Breach Investigation Report If your organization is sensitive about insider threats and you are already taking steps to mitigate insider attacks on the wired network, then the Hole196 vulnerability is significant as it enables one of the stealthiest insiders attacks known that can lead to leakage of sensitive data (e.g., intellectual property, trade secrets, financial information), espionage, unauthorized access to IT resources, identity theft, etc. Does Hole196 enable or involve cracking of the WPA2 encryption key? No! Exploiting the Hole196 vulnerability does not involve cracking of the encryption key. This is neither an attack on the AES encryption or the 802.1x (or PSK) authentication. www.airtightnetworks.com
Does the malicious insider gain access to the private keys, i.e., the pairwise transient key (PTKs) of other authorized users in the WPA2 network? No! The malicious insider does not gain access to the private keys (PTKs) of other authorized Wi-Fi users in the WPA2 network. Then in what way can an insider exploit the Hole196 vulnerability? Our findings show that an insider could exploit Hole196 in three ways: (1) for ARP poisoning and man-in-the- middle attack; (2) for injecting malicious code onto other authorized Wi-Fi devices; and (3) for launching a denial- of-service (DoS) attack without using disconnection frames. In a WPA2 network, a malicious insider broadcasts fake packets (with the AP’s MAC address as the transmitter’s address) encrypted using the shared group key (GTK) directly to other authorized Wi-Fi clients in the network. One example of an exploit that can be launched using GTK is the classic ARP poisoning (man-in-the-middle) attack (demonstrated at Black Hat Arsenal 2010 and Defcon18). In the ARP poisoning exploit, the insider can include for instance an ARP Request message inside the GTK- encrypted packet. The ARP Request has the IP address of the actual gateway, but the MAC address of the attacker’s machine. All clients that receive this message will update their ARP table – mapping the attacker’s MAC address with the gateway’s IP address. All “poisoned” Wi-Fi clients will send all their traffic, encrypted with their respective private keys (PTKs), to the AP, but with the attacker’s MAC address as the destination. The AP will decrypt the traffic and forward it to the attacker, now encrypting it using the attacker’s PTK. Because all traffic reaching the attacker (from the AP) is encrypted with the attacker’s PTK, the attacker can decrypt the traffic (including login credentials, emails and other sensitive data). The attacker can then choose to forward the traffic to the actual gateway of the network, so that the victim Wi-Fi clients do not see any abnormal behavior and continue their communication. But ARP spoofing (and man-in-the middle) was always possible over Ethernet or even in a WPA2 network via the AP. So what’s new? ARP Spoofing (and man-in-the-middle) is a classic attack in both wired and Wi-Fi networks. However, in this old way of launching the attack, the AP forwards the spoofed ARP messages on the wireless as well as the wired network. The messages that go on the wire are in the clear (unencrypted). Wired network security has evolved over the years to the point that wired IDS/IPS and even some network switches can readily catch and block this attack on the wire today. www.airtightnetworks.com
The subtle point (that many people seem to miss) about exploiting the GTK in WPA2 for launching an ARP Spoofing attack is that the footprint of the attack is only in the air and the payload is encrypted. So no wire-side security solution is ever going to catch this attack over WPA2, nor will existing APs will see anything abnormal. And note that ARP spoofing is just one example of an exploit over this vulnerability. More sophisticated attacks are possible. Can this vulnerability be practically exploited? Unlike the WPA-TKIP vulnerability (announced in November 2008) that was largely of theoretical interest, the Hole196 vulnerability can be practically exploited using existing open source software such as madwifi driver and wpa supplicant, and adding ten lines of code. The man-in-the-middle attack using ARP spoofing was demonstrated at Black Hat Arsenal 2010 and Defcon18. Other attacks such as port scanning, exploiting OS and application vulnerabilities, malware injection, DNS manipulation, denial of service, etc. are possible by misusing GTK. Are all WPA and WPA2 implementations vulnerable to this attack? Yes! Hole196 is a fundamental vulnerability in the protocol design. All Wi-Fi networks using WPA or WPA2, regardless of the authentication (PSK or 802.1x) and encryption (AES) they use, are vulnerable. Are WLAN architectures using stand-alone APs and those using WLAN controllers vulnerable to Hole196? This vulnerability is fundamental to the WPA/WPA2 protocol design. So as long as a WLAN architecture (stand- alone AP or controller based) is following the standard, it is vulnerable to Hole196. Is there a fix in the 802.11 protocol standard which I can implement with a software upgrade to protect against this vulnerability? Unlike in the case of earlier vulnerabilities in Wi-Fi encryption and authentication protocols, there is no immediate fallback in the 802.11 standard that can be used to fix or circumvent this vulnerability. Can I use the client isolation (or PSPF) feature on my WLAN infrastructure to protect against WPA2 Hole196? Client isolation is not part of the 802.11 standard, but a proprietary feature that is available on some APs and WLAN controllers. The implementation of the feature is likely to vary from vendor to vendor. www.airtightnetworks.com
Turning ON the Client isolation (or PSPF) feature on an AP or WLAN controller can prevent two Wi-Fi clients associated with an AP from communicating with each other via the AP. This means that while a malicious insider can continue to send spoofed GTK encrypted packets directly to other clients in the network, the data traffic from the victim clients will not be forwarded by the AP to the attacker’s Wi-Fi device. However, an attacker can bypass the Wi-Fi client isolation feature, by setting up a fake gateway on the wired network, poison the ARP cache on authorized Wi-Fi devices using GTK and redirect all data traffic to the fake gateway instead of redirecting it directly to his Wi-Fi device. Plus, other attacks such as malware injection, port scanning, denial of service, etc. are still possible using only the first step (sending GTK-encrypted packets) Is there something I can install on my laptop to protect it against WPA2 Hole196? Software (such as Snort or DecaffeintID) can be installed on some Windows and Linux laptops to detect ARP poisoning, though it’s not practical to manually install software on large number of endpoints. Further, the software is not supported on most endpoints (e.g., iPhones, iPads, Blackberry, Windows Mobile, Windows 7, etc.) that will continue to be at risk from the WPA 2 Hole196 vulnerability. Besides, those softwares cannot stop a malicious insider from launching other Hole196 based attacks such as malware injection, port scanning, denial of service, etc. Can a wire-side solution like an IDS/IPS or ARP Poisoning detector on the LAN switch detect this attack? The footprint of WPA2 Hole196 based insider attacks is limited to the air, making them among the stealthiest of insider attacks known. As a result, no wireline security solution (wired IDS/IPS, firewall, or switch-based ARP Poisoning detection) can detect these attacks. Can a wireless intrusion prevention system (WIPS) detect this attack? Hole196 is yet another example of a vulnerability (like WEP cracking, WPA-TKIP vulnerability, Cisco Skyjacking) that calls for a multi-layered wireless security approach. A wireless intrusion prevention system (WIPS) can detect attacks based on Hole196 and provide that additional layer of security to comprehensively protect enterprise networks from wireless threats such as rogue APs, misbehavior of Wi-Fi clients, misconfigurations in your WLAN infrastructure, and vulnerabilities in the Wi-Fi security protocols. www.airtightnetworks.com

Recommended

Wpa2 hole196-vulnerability
Wpa2 hole196-vulnerabilityWpa2 hole196-vulnerability
Wpa2 hole196-vulnerabilitykhalidbaig
 
Unblocking Stollen Mobile Phones using SS7-MaP vulnerabilities
Unblocking Stollen Mobile Phones using SS7-MaP vulnerabilities Unblocking Stollen Mobile Phones using SS7-MaP vulnerabilities
Unblocking Stollen Mobile Phones using SS7-MaP vulnerabilities Siddharth Rao
 
WLAN Attacks and Protection
WLAN Attacks and ProtectionWLAN Attacks and Protection
WLAN Attacks and Protection
Chandrak Trivedi
 
A LIGHT WEIGHT SOLUTION FOR DETECTING DE-AUTHENTICATION ATTACK
A LIGHT WEIGHT SOLUTION FOR DETECTING DE-AUTHENTICATION ATTACK A LIGHT WEIGHT SOLUTION FOR DETECTING DE-AUTHENTICATION ATTACK
A LIGHT WEIGHT SOLUTION FOR DETECTING DE-AUTHENTICATION ATTACK
IJNSA Journal
 
Solving Downgrade and DoS Attack Due to the Four Ways Handshake Vulnerabiliti...
Solving Downgrade and DoS Attack Due to the Four Ways Handshake Vulnerabiliti...Solving Downgrade and DoS Attack Due to the Four Ways Handshake Vulnerabiliti...
Solving Downgrade and DoS Attack Due to the Four Ways Handshake Vulnerabiliti...
Dr. Amarjeet Singh
 
Ch20 Wireless Security
Ch20 Wireless SecurityCh20 Wireless Security
Ch20 Wireless Securityphanleson
 
Security Delivery Platform: Best practices
Security Delivery Platform: Best practicesSecurity Delivery Platform: Best practices
Security Delivery Platform: Best practices
Mihajlo Prerad
 
Wireless Network Security
Wireless Network SecurityWireless Network Security
Wireless Network Security
Gyana Ranjana
 

Recommended

Wpa2 hole196-vulnerability
Wpa2 hole196-vulnerabilityWpa2 hole196-vulnerability
Wpa2 hole196-vulnerabilitykhalidbaig
 
Unblocking Stollen Mobile Phones using SS7-MaP vulnerabilities
Unblocking Stollen Mobile Phones using SS7-MaP vulnerabilities Unblocking Stollen Mobile Phones using SS7-MaP vulnerabilities
Unblocking Stollen Mobile Phones using SS7-MaP vulnerabilities Siddharth Rao
 
WLAN Attacks and Protection
WLAN Attacks and ProtectionWLAN Attacks and Protection
WLAN Attacks and Protection
Chandrak Trivedi
 
A LIGHT WEIGHT SOLUTION FOR DETECTING DE-AUTHENTICATION ATTACK
A LIGHT WEIGHT SOLUTION FOR DETECTING DE-AUTHENTICATION ATTACK A LIGHT WEIGHT SOLUTION FOR DETECTING DE-AUTHENTICATION ATTACK
A LIGHT WEIGHT SOLUTION FOR DETECTING DE-AUTHENTICATION ATTACK
IJNSA Journal
 
Solving Downgrade and DoS Attack Due to the Four Ways Handshake Vulnerabiliti...
Solving Downgrade and DoS Attack Due to the Four Ways Handshake Vulnerabiliti...Solving Downgrade and DoS Attack Due to the Four Ways Handshake Vulnerabiliti...
Solving Downgrade and DoS Attack Due to the Four Ways Handshake Vulnerabiliti...
Dr. Amarjeet Singh
 
Ch20 Wireless Security
Ch20 Wireless SecurityCh20 Wireless Security
Ch20 Wireless Securityphanleson
 
Security Delivery Platform: Best practices
Security Delivery Platform: Best practicesSecurity Delivery Platform: Best practices
Security Delivery Platform: Best practices
Mihajlo Prerad
 
Wireless Network Security
Wireless Network SecurityWireless Network Security
Wireless Network Security
Gyana Ranjana
 
Viable means using which Wireless Network Security can be Jeopardized
Viable means using which Wireless Network Security can be JeopardizedViable means using which Wireless Network Security can be Jeopardized
Viable means using which Wireless Network Security can be Jeopardized
IRJET Journal
 
The Phantom Protocol: Generic, Decentralized, Unstoppable Anonymity
The Phantom Protocol: Generic, Decentralized, Unstoppable AnonymityThe Phantom Protocol: Generic, Decentralized, Unstoppable Anonymity
The Phantom Protocol: Generic, Decentralized, Unstoppable Anonymity
lokijaja
 
The Post Covid-19 Cybersecurity World - Where Is It Headed?
The Post Covid-19 Cybersecurity World - Where Is It Headed?The Post Covid-19 Cybersecurity World - Where Is It Headed?
The Post Covid-19 Cybersecurity World - Where Is It Headed?
Bangladesh Network Operators Group
 
Understanding WiFi Security Vulnerabilities and Solutions
Understanding WiFi Security Vulnerabilities and SolutionsUnderstanding WiFi Security Vulnerabilities and Solutions
Understanding WiFi Security Vulnerabilities and Solutions
AirTight Networks
 
Wifi cracking Step by Step Using CMD and Kali Linux 2018
Wifi cracking Step by Step Using CMD and Kali Linux 2018Wifi cracking Step by Step Using CMD and Kali Linux 2018
Wifi cracking Step by Step Using CMD and Kali Linux 2018
Mohammad Fareed
 
IoT - the Next Wave of DDoS Threat Landscape
IoT - the Next Wave of DDoS Threat LandscapeIoT - the Next Wave of DDoS Threat Landscape
IoT - the Next Wave of DDoS Threat Landscape
APNIC
 
Securing wireless network
Securing wireless networkSecuring wireless network
Securing wireless network
Syed Ubaid Ali Jafri
 
Securing the Use of Wireless Fidelity (WiFi) in Libraries
Securing the Use of Wireless Fidelity (WiFi) in LibrariesSecuring the Use of Wireless Fidelity (WiFi) in Libraries
Securing the Use of Wireless Fidelity (WiFi) in Libraries
Philippine Association of Academic/Research Librarians
 
Wireless network security
Wireless network securityWireless network security
Wireless network security
Vishal Agarwal
 
Supply Chain Attack Backdooring Your Networks
Supply Chain Attack Backdooring Your Networks Supply Chain Attack Backdooring Your Networks
Supply Chain Attack Backdooring Your Networks
Bangladesh Network Operators Group
 
woot15-paper-novella
woot15-paper-novellawoot15-paper-novella
woot15-paper-novellaEduardo Novella
 
Wireless network security
Wireless network securityWireless network security
Wireless network security
Shahid Beheshti University
 
Windows Mobile Enterprise Security Best Practices
Windows Mobile Enterprise Security Best PracticesWindows Mobile Enterprise Security Best Practices
Windows Mobile Enterprise Security Best Practices
John Rhoton
 
SS7 Vulnerabilities
SS7 VulnerabilitiesSS7 Vulnerabilities
SS7 Vulnerabilities
PositiveTechnologies
 
SECURING IEEE 802.11G WLAN USING OPENVPN AND ITS IMPACT ANALYSIS
SECURING IEEE 802.11G WLAN USING OPENVPN AND ITS IMPACT ANALYSISSECURING IEEE 802.11G WLAN USING OPENVPN AND ITS IMPACT ANALYSIS
SECURING IEEE 802.11G WLAN USING OPENVPN AND ITS IMPACT ANALYSIS
IJNSA Journal
 
Fortinet Tanıtım
Fortinet TanıtımFortinet Tanıtım
Fortinet Tanıtım
Güney Bilişim
 
Advanced Wi-Fi pentesting
Advanced Wi-Fi pentestingAdvanced Wi-Fi pentesting
Advanced Wi-Fi pentesting
Yunfei Yang
 
Wifi hacking
Wifi hackingWifi hacking
Wifi hackingHarshit Varshney
 
Network Security - Fortinet, Dublin June 2017
Network Security - Fortinet, Dublin June 2017Network Security - Fortinet, Dublin June 2017
Network Security - Fortinet, Dublin June 2017
Novosco
 
Introduction to Security Fabric
Introduction to Security FabricIntroduction to Security Fabric
Introduction to Security Fabric
Francisco Ordillano
 
The History Of The Internet
The History Of The InternetThe History Of The Internet
The History Of The Internet
Madison93
 
When WLANs Launch Self DoS Attacks
When WLANs Launch Self DoS AttacksWhen WLANs Launch Self DoS Attacks
When WLANs Launch Self DoS Attacks
AirTight Networks
 

More Related Content

What's hot

Viable means using which Wireless Network Security can be Jeopardized
Viable means using which Wireless Network Security can be JeopardizedViable means using which Wireless Network Security can be Jeopardized
Viable means using which Wireless Network Security can be Jeopardized
IRJET Journal
 
The Phantom Protocol: Generic, Decentralized, Unstoppable Anonymity
The Phantom Protocol: Generic, Decentralized, Unstoppable AnonymityThe Phantom Protocol: Generic, Decentralized, Unstoppable Anonymity
The Phantom Protocol: Generic, Decentralized, Unstoppable Anonymity
lokijaja
 
The Post Covid-19 Cybersecurity World - Where Is It Headed?
The Post Covid-19 Cybersecurity World - Where Is It Headed?The Post Covid-19 Cybersecurity World - Where Is It Headed?
The Post Covid-19 Cybersecurity World - Where Is It Headed?
Bangladesh Network Operators Group
 
Understanding WiFi Security Vulnerabilities and Solutions
Understanding WiFi Security Vulnerabilities and SolutionsUnderstanding WiFi Security Vulnerabilities and Solutions
Understanding WiFi Security Vulnerabilities and Solutions
AirTight Networks
 
Wifi cracking Step by Step Using CMD and Kali Linux 2018
Wifi cracking Step by Step Using CMD and Kali Linux 2018Wifi cracking Step by Step Using CMD and Kali Linux 2018
Wifi cracking Step by Step Using CMD and Kali Linux 2018
Mohammad Fareed
 
IoT - the Next Wave of DDoS Threat Landscape
IoT - the Next Wave of DDoS Threat LandscapeIoT - the Next Wave of DDoS Threat Landscape
IoT - the Next Wave of DDoS Threat Landscape
APNIC
 
Securing wireless network
Securing wireless networkSecuring wireless network
Securing wireless network
Syed Ubaid Ali Jafri
 
Securing the Use of Wireless Fidelity (WiFi) in Libraries
Securing the Use of Wireless Fidelity (WiFi) in LibrariesSecuring the Use of Wireless Fidelity (WiFi) in Libraries
Securing the Use of Wireless Fidelity (WiFi) in Libraries
Philippine Association of Academic/Research Librarians
 
Wireless network security
Wireless network securityWireless network security
Wireless network security
Vishal Agarwal
 
Supply Chain Attack Backdooring Your Networks
Supply Chain Attack Backdooring Your Networks Supply Chain Attack Backdooring Your Networks
Supply Chain Attack Backdooring Your Networks
Bangladesh Network Operators Group
 
Wireless network security
Wireless network securityWireless network security
Wireless network security
Shahid Beheshti University
 
Windows Mobile Enterprise Security Best Practices
Windows Mobile Enterprise Security Best PracticesWindows Mobile Enterprise Security Best Practices
Windows Mobile Enterprise Security Best Practices
John Rhoton
 
SS7 Vulnerabilities
SS7 VulnerabilitiesSS7 Vulnerabilities
SS7 Vulnerabilities
PositiveTechnologies
 
SECURING IEEE 802.11G WLAN USING OPENVPN AND ITS IMPACT ANALYSIS
SECURING IEEE 802.11G WLAN USING OPENVPN AND ITS IMPACT ANALYSISSECURING IEEE 802.11G WLAN USING OPENVPN AND ITS IMPACT ANALYSIS
SECURING IEEE 802.11G WLAN USING OPENVPN AND ITS IMPACT ANALYSIS
IJNSA Journal
 
Fortinet Tanıtım
Fortinet TanıtımFortinet Tanıtım
Fortinet Tanıtım
Güney Bilişim
 
Advanced Wi-Fi pentesting
Advanced Wi-Fi pentestingAdvanced Wi-Fi pentesting
Advanced Wi-Fi pentesting
Yunfei Yang
 
Network Security - Fortinet, Dublin June 2017
Network Security - Fortinet, Dublin June 2017Network Security - Fortinet, Dublin June 2017
Network Security - Fortinet, Dublin June 2017
Novosco
 
Introduction to Security Fabric
Introduction to Security FabricIntroduction to Security Fabric
Introduction to Security Fabric
Francisco Ordillano
 

What's hot (20)

Viable means using which Wireless Network Security can be Jeopardized
Viable means using which Wireless Network Security can be JeopardizedViable means using which Wireless Network Security can be Jeopardized
Viable means using which Wireless Network Security can be Jeopardized
 
The Phantom Protocol: Generic, Decentralized, Unstoppable Anonymity
The Phantom Protocol: Generic, Decentralized, Unstoppable AnonymityThe Phantom Protocol: Generic, Decentralized, Unstoppable Anonymity
The Phantom Protocol: Generic, Decentralized, Unstoppable Anonymity
 
The Post Covid-19 Cybersecurity World - Where Is It Headed?
The Post Covid-19 Cybersecurity World - Where Is It Headed?The Post Covid-19 Cybersecurity World - Where Is It Headed?
The Post Covid-19 Cybersecurity World - Where Is It Headed?
 
Understanding WiFi Security Vulnerabilities and Solutions
Understanding WiFi Security Vulnerabilities and SolutionsUnderstanding WiFi Security Vulnerabilities and Solutions
Understanding WiFi Security Vulnerabilities and Solutions
 
Wifi cracking Step by Step Using CMD and Kali Linux 2018
Wifi cracking Step by Step Using CMD and Kali Linux 2018Wifi cracking Step by Step Using CMD and Kali Linux 2018
Wifi cracking Step by Step Using CMD and Kali Linux 2018
 
IoT - the Next Wave of DDoS Threat Landscape
IoT - the Next Wave of DDoS Threat LandscapeIoT - the Next Wave of DDoS Threat Landscape
IoT - the Next Wave of DDoS Threat Landscape
 
Securing wireless network
Securing wireless networkSecuring wireless network
Securing wireless network
 
Securing the Use of Wireless Fidelity (WiFi) in Libraries
Securing the Use of Wireless Fidelity (WiFi) in LibrariesSecuring the Use of Wireless Fidelity (WiFi) in Libraries
Securing the Use of Wireless Fidelity (WiFi) in Libraries
 
Wireless network security
Wireless network securityWireless network security
Wireless network security
 
Supply Chain Attack Backdooring Your Networks
Supply Chain Attack Backdooring Your Networks Supply Chain Attack Backdooring Your Networks
Supply Chain Attack Backdooring Your Networks
 
woot15-paper-novella
woot15-paper-novellawoot15-paper-novella
woot15-paper-novella
 
Wireless network security
Wireless network securityWireless network security
Wireless network security
 
Windows Mobile Enterprise Security Best Practices
Windows Mobile Enterprise Security Best PracticesWindows Mobile Enterprise Security Best Practices
Windows Mobile Enterprise Security Best Practices
 
SS7 Vulnerabilities
SS7 VulnerabilitiesSS7 Vulnerabilities
SS7 Vulnerabilities
 
SECURING IEEE 802.11G WLAN USING OPENVPN AND ITS IMPACT ANALYSIS
SECURING IEEE 802.11G WLAN USING OPENVPN AND ITS IMPACT ANALYSISSECURING IEEE 802.11G WLAN USING OPENVPN AND ITS IMPACT ANALYSIS
SECURING IEEE 802.11G WLAN USING OPENVPN AND ITS IMPACT ANALYSIS
 
Fortinet Tanıtım
Fortinet TanıtımFortinet Tanıtım
Fortinet Tanıtım
 
Advanced Wi-Fi pentesting
Advanced Wi-Fi pentestingAdvanced Wi-Fi pentesting
Advanced Wi-Fi pentesting
 
Wifi hacking
Wifi hackingWifi hacking
Wifi hacking
 
Network Security - Fortinet, Dublin June 2017
Network Security - Fortinet, Dublin June 2017Network Security - Fortinet, Dublin June 2017
Network Security - Fortinet, Dublin June 2017
 
Introduction to Security Fabric
Introduction to Security FabricIntroduction to Security Fabric
Introduction to Security Fabric
 

Viewers also liked

The History Of The Internet
The History Of The InternetThe History Of The Internet
The History Of The Internet
Madison93
 
When WLANs Launch Self DoS Attacks
When WLANs Launch Self DoS AttacksWhen WLANs Launch Self DoS Attacks
When WLANs Launch Self DoS Attacks
AirTight Networks
 
Electronic Entertainment Expo 2016
Electronic Entertainment Expo 2016Electronic Entertainment Expo 2016
Electronic Entertainment Expo 2016
Bruna Mesquita
 
Water Ways Presentation
Water Ways PresentationWater Ways Presentation
Water Ways PresentationTipperary
 
802.11n The Good, The Bad, and The Ugly: Will You Be Ready?
802.11n The Good, The Bad, and The Ugly: Will You Be Ready?802.11n The Good, The Bad, and The Ugly: Will You Be Ready?
802.11n The Good, The Bad, and The Ugly: Will You Be Ready?
AirTight Networks
 

Viewers also liked (6)

The History Of The Internet
The History Of The InternetThe History Of The Internet
The History Of The Internet
 
When WLANs Launch Self DoS Attacks
When WLANs Launch Self DoS AttacksWhen WLANs Launch Self DoS Attacks
When WLANs Launch Self DoS Attacks
 
Excursie De Esch
Excursie De EschExcursie De Esch
Excursie De Esch
 
Electronic Entertainment Expo 2016
Electronic Entertainment Expo 2016Electronic Entertainment Expo 2016
Electronic Entertainment Expo 2016
 
Water Ways Presentation
Water Ways PresentationWater Ways Presentation
Water Ways Presentation
 
802.11n The Good, The Bad, and The Ugly: Will You Be Ready?
802.11n The Good, The Bad, and The Ugly: Will You Be Ready?802.11n The Good, The Bad, and The Ugly: Will You Be Ready?
802.11n The Good, The Bad, and The Ugly: Will You Be Ready?
 

Similar to WPA2 Hole196 Vulnerability FAQs

WPA2 Hole196 Vulnerability: Exploits and Remediation Strategies
WPA2 Hole196 Vulnerability: Exploits and Remediation StrategiesWPA2 Hole196 Vulnerability: Exploits and Remediation Strategies
WPA2 Hole196 Vulnerability: Exploits and Remediation Strategies
AirTight Networks
 
Wifi Security
Wifi SecurityWifi Security
Wifi Security
Shital Kat
 
1.3-IoT Security Technologies (1).pdf
1.3-IoT Security Technologies (1).pdf1.3-IoT Security Technologies (1).pdf
1.3-IoT Security Technologies (1).pdf
TouhemiJamel
 
Firewall ppt
Firewall pptFirewall ppt
Firewall ppt
saloni mittal
 
Pentesting Your Own Wireless Networks, June 2011 Issue
Pentesting Your Own Wireless Networks, June 2011 IssuePentesting Your Own Wireless Networks, June 2011 Issue
Pentesting Your Own Wireless Networks, June 2011 Issue
Ishan Girdhar
 
Wireless Security – From A to Z – Types, Threats, To How to Secure.pdf
Wireless Security – From A to Z – Types, Threats, To How to Secure.pdfWireless Security – From A to Z – Types, Threats, To How to Secure.pdf
Wireless Security – From A to Z – Types, Threats, To How to Secure.pdf
SeanHussey8
 
The Risks and Security Standards of WLAN Technologies: Bluetooth and Wireles...
The Risks and Security Standards of WLAN Technologies: Bluetooth and Wireles...The Risks and Security Standards of WLAN Technologies: Bluetooth and Wireles...
The Risks and Security Standards of WLAN Technologies: Bluetooth and Wireles...Lindsey Landolfi
 
Super Barcode Training Camp - Motorola AirDefense Wireless Security Presentation
Super Barcode Training Camp - Motorola AirDefense Wireless Security PresentationSuper Barcode Training Camp - Motorola AirDefense Wireless Security Presentation
Super Barcode Training Camp - Motorola AirDefense Wireless Security Presentation
System ID Warehouse
 
Research Inventy : International Journal of Engineering and Science
Research Inventy : International Journal of Engineering and ScienceResearch Inventy : International Journal of Engineering and Science
Research Inventy : International Journal of Engineering and Science
inventy
 
The Sharp Increase in Unmasking of Obtrusion into Internet of Things (IoT) IP...
The Sharp Increase in Unmasking of Obtrusion into Internet of Things (IoT) IP...The Sharp Increase in Unmasking of Obtrusion into Internet of Things (IoT) IP...
The Sharp Increase in Unmasking of Obtrusion into Internet of Things (IoT) IP...
IJCSIS Research Publications
 
EFFECT MAN-IN THE MIDDLE ON THE NETWORK PERFORMANCE IN VARIOUS ATTACK STRATEGIES
EFFECT MAN-IN THE MIDDLE ON THE NETWORK PERFORMANCE IN VARIOUS ATTACK STRATEGIESEFFECT MAN-IN THE MIDDLE ON THE NETWORK PERFORMANCE IN VARIOUS ATTACK STRATEGIES
EFFECT MAN-IN THE MIDDLE ON THE NETWORK PERFORMANCE IN VARIOUS ATTACK STRATEGIES
IJNSA Journal
 
Ichci13 submission 104 (1)
Ichci13 submission 104 (1)Ichci13 submission 104 (1)
Ichci13 submission 104 (1)Saravana Kumar
 
Firewall
FirewallFirewall
Firewall
Netwax Lab
 
IMPLEMENTATION OF A SECURITY PROTOCOL FOR BLUETOOTH AND WI-FI
IMPLEMENTATION OF A SECURITY PROTOCOL FOR BLUETOOTH AND WI-FIIMPLEMENTATION OF A SECURITY PROTOCOL FOR BLUETOOTH AND WI-FI
IMPLEMENTATION OF A SECURITY PROTOCOL FOR BLUETOOTH AND WI-FI
IJNSA Journal
 
IMPLEMENTATION OF A SECURITY PROTOCOL FOR BLUETOOTH AND WI-FI
IMPLEMENTATION OF A SECURITY PROTOCOL FOR BLUETOOTH AND WI-FI IMPLEMENTATION OF A SECURITY PROTOCOL FOR BLUETOOTH AND WI-FI
IMPLEMENTATION OF A SECURITY PROTOCOL FOR BLUETOOTH AND WI-FI
IJNSA Journal
 
Wireless Security Needs For Enterprises
Wireless Security Needs For EnterprisesWireless Security Needs For Enterprises
Wireless Security Needs For Enterprises
shrutisreddy
 
AbstractVoice over Internet Protocol (VoIP) is an advanced t.docx
AbstractVoice over Internet Protocol (VoIP) is an advanced t.docxAbstractVoice over Internet Protocol (VoIP) is an advanced t.docx
AbstractVoice over Internet Protocol (VoIP) is an advanced t.docx
ronak56
 
AbstractVoice over Internet Protocol (VoIP) is an advanced t.docx
AbstractVoice over Internet Protocol (VoIP) is an advanced t.docxAbstractVoice over Internet Protocol (VoIP) is an advanced t.docx
AbstractVoice over Internet Protocol (VoIP) is an advanced t.docx
daniahendric
 
AbstractVoice over Internet Protocol (VoIP) is an advanced t.docx
AbstractVoice over Internet Protocol (VoIP) is an advanced t.docxAbstractVoice over Internet Protocol (VoIP) is an advanced t.docx
AbstractVoice over Internet Protocol (VoIP) is an advanced t.docx
makdul
 
Wireless+LAN+Technology+and+Security+Vulnerabilities
Wireless+LAN+Technology+and+Security+VulnerabilitiesWireless+LAN+Technology+and+Security+Vulnerabilities
Wireless+LAN+Technology+and+Security+VulnerabilitiesYogesh Kumar
 

Similar to WPA2 Hole196 Vulnerability FAQs (20)

WPA2 Hole196 Vulnerability: Exploits and Remediation Strategies
WPA2 Hole196 Vulnerability: Exploits and Remediation StrategiesWPA2 Hole196 Vulnerability: Exploits and Remediation Strategies
WPA2 Hole196 Vulnerability: Exploits and Remediation Strategies
 
Wifi Security
Wifi SecurityWifi Security
Wifi Security
 
1.3-IoT Security Technologies (1).pdf
1.3-IoT Security Technologies (1).pdf1.3-IoT Security Technologies (1).pdf
1.3-IoT Security Technologies (1).pdf
 
Firewall ppt
Firewall pptFirewall ppt
Firewall ppt
 
Pentesting Your Own Wireless Networks, June 2011 Issue
Pentesting Your Own Wireless Networks, June 2011 IssuePentesting Your Own Wireless Networks, June 2011 Issue
Pentesting Your Own Wireless Networks, June 2011 Issue
 
Wireless Security – From A to Z – Types, Threats, To How to Secure.pdf
Wireless Security – From A to Z – Types, Threats, To How to Secure.pdfWireless Security – From A to Z – Types, Threats, To How to Secure.pdf
Wireless Security – From A to Z – Types, Threats, To How to Secure.pdf
 
The Risks and Security Standards of WLAN Technologies: Bluetooth and Wireles...
The Risks and Security Standards of WLAN Technologies: Bluetooth and Wireles...The Risks and Security Standards of WLAN Technologies: Bluetooth and Wireles...
The Risks and Security Standards of WLAN Technologies: Bluetooth and Wireles...
 
Super Barcode Training Camp - Motorola AirDefense Wireless Security Presentation
Super Barcode Training Camp - Motorola AirDefense Wireless Security PresentationSuper Barcode Training Camp - Motorola AirDefense Wireless Security Presentation
Super Barcode Training Camp - Motorola AirDefense Wireless Security Presentation
 
Research Inventy : International Journal of Engineering and Science
Research Inventy : International Journal of Engineering and ScienceResearch Inventy : International Journal of Engineering and Science
Research Inventy : International Journal of Engineering and Science
 
The Sharp Increase in Unmasking of Obtrusion into Internet of Things (IoT) IP...
The Sharp Increase in Unmasking of Obtrusion into Internet of Things (IoT) IP...The Sharp Increase in Unmasking of Obtrusion into Internet of Things (IoT) IP...
The Sharp Increase in Unmasking of Obtrusion into Internet of Things (IoT) IP...
 
EFFECT MAN-IN THE MIDDLE ON THE NETWORK PERFORMANCE IN VARIOUS ATTACK STRATEGIES
EFFECT MAN-IN THE MIDDLE ON THE NETWORK PERFORMANCE IN VARIOUS ATTACK STRATEGIESEFFECT MAN-IN THE MIDDLE ON THE NETWORK PERFORMANCE IN VARIOUS ATTACK STRATEGIES
EFFECT MAN-IN THE MIDDLE ON THE NETWORK PERFORMANCE IN VARIOUS ATTACK STRATEGIES
 
Ichci13 submission 104 (1)
Ichci13 submission 104 (1)Ichci13 submission 104 (1)
Ichci13 submission 104 (1)
 
Firewall
FirewallFirewall
Firewall
 
IMPLEMENTATION OF A SECURITY PROTOCOL FOR BLUETOOTH AND WI-FI
IMPLEMENTATION OF A SECURITY PROTOCOL FOR BLUETOOTH AND WI-FIIMPLEMENTATION OF A SECURITY PROTOCOL FOR BLUETOOTH AND WI-FI
IMPLEMENTATION OF A SECURITY PROTOCOL FOR BLUETOOTH AND WI-FI
 
IMPLEMENTATION OF A SECURITY PROTOCOL FOR BLUETOOTH AND WI-FI
IMPLEMENTATION OF A SECURITY PROTOCOL FOR BLUETOOTH AND WI-FI IMPLEMENTATION OF A SECURITY PROTOCOL FOR BLUETOOTH AND WI-FI
IMPLEMENTATION OF A SECURITY PROTOCOL FOR BLUETOOTH AND WI-FI
 
Wireless Security Needs For Enterprises
Wireless Security Needs For EnterprisesWireless Security Needs For Enterprises
Wireless Security Needs For Enterprises
 
AbstractVoice over Internet Protocol (VoIP) is an advanced t.docx
AbstractVoice over Internet Protocol (VoIP) is an advanced t.docxAbstractVoice over Internet Protocol (VoIP) is an advanced t.docx
AbstractVoice over Internet Protocol (VoIP) is an advanced t.docx
 
AbstractVoice over Internet Protocol (VoIP) is an advanced t.docx
AbstractVoice over Internet Protocol (VoIP) is an advanced t.docxAbstractVoice over Internet Protocol (VoIP) is an advanced t.docx
AbstractVoice over Internet Protocol (VoIP) is an advanced t.docx
 
AbstractVoice over Internet Protocol (VoIP) is an advanced t.docx
AbstractVoice over Internet Protocol (VoIP) is an advanced t.docxAbstractVoice over Internet Protocol (VoIP) is an advanced t.docx
AbstractVoice over Internet Protocol (VoIP) is an advanced t.docx
 
Wireless+LAN+Technology+and+Security+Vulnerabilities
Wireless+LAN+Technology+and+Security+VulnerabilitiesWireless+LAN+Technology+and+Security+Vulnerabilities
Wireless+LAN+Technology+and+Security+Vulnerabilities
 

More from AirTight Networks

Is 11ac Right for Your Network?
Is 11ac Right for Your Network?Is 11ac Right for Your Network?
Is 11ac Right for Your Network?
AirTight Networks
 
Air tight 11ac webinar series session 2 - 11ac feature deep dive - june 2014
Air tight 11ac webinar series session 2 - 11ac feature deep dive - june 2014Air tight 11ac webinar series session 2 - 11ac feature deep dive - june 2014
Air tight 11ac webinar series session 2 - 11ac feature deep dive - june 2014
AirTight Networks
 
Wi-Fi Offload Summit - Monetise Thyself
Wi-Fi Offload Summit - Monetise ThyselfWi-Fi Offload Summit - Monetise Thyself
Wi-Fi Offload Summit - Monetise ThyselfAirTight Networks
 
AirTight 11ac Webinar Series, Aession 1 - Intro to 802.11ac - June 10 2014
AirTight 11ac Webinar Series, Aession 1 - Intro to 802.11ac - June 10 2014AirTight 11ac Webinar Series, Aession 1 - Intro to 802.11ac - June 10 2014
AirTight 11ac Webinar Series, Aession 1 - Intro to 802.11ac - June 10 2014
AirTight Networks
 
Restaurant Wi-Fi Primer: Retail Analytics and Social Integration
Restaurant Wi-Fi Primer: Retail Analytics and Social Integration Restaurant Wi-Fi Primer: Retail Analytics and Social Integration
Restaurant Wi-Fi Primer: Retail Analytics and Social Integration
AirTight Networks
 
AirTight Networks Evolution - Cloud & MSP
AirTight Networks Evolution - Cloud & MSPAirTight Networks Evolution - Cloud & MSP
AirTight Networks Evolution - Cloud & MSP
AirTight Networks
 
AirTight Networks WIPS at Wireless Field Day 6 WFD6
AirTight Networks WIPS at Wireless Field Day 6 WFD6AirTight Networks WIPS at Wireless Field Day 6 WFD6
AirTight Networks WIPS at Wireless Field Day 6 WFD6
AirTight Networks
 
AirTight social wifi solution brief
AirTight social wifi solution briefAirTight social wifi solution brief
AirTight social wifi solution brief
AirTight Networks
 
Considerations for a secure enterprise wlan data connectors 2013
Considerations for a secure enterprise wlan data connectors 2013Considerations for a secure enterprise wlan data connectors 2013
Considerations for a secure enterprise wlan data connectors 2013
AirTight Networks
 
Drive Revenue, Protect Data, & Automate PCI Compliance by Dwight Agriel | @Ai...
Drive Revenue, Protect Data, & Automate PCI Compliance by Dwight Agriel | @Ai...Drive Revenue, Protect Data, & Automate PCI Compliance by Dwight Agriel | @Ai...
Drive Revenue, Protect Data, & Automate PCI Compliance by Dwight Agriel | @Ai...
AirTight Networks
 
Survey on the Impact of BYOD on Enterprise Security
Survey on the Impact of BYOD on Enterprise SecuritySurvey on the Impact of BYOD on Enterprise Security
Survey on the Impact of BYOD on Enterprise Security
AirTight Networks
 
AirTight Secure Wi-Fi™ Cloud-based Secure Wi-Fi Access with PCI Wireless Scan...
AirTight Secure Wi-Fi™ Cloud-based Secure Wi-Fi Access with PCI Wireless Scan...AirTight Secure Wi-Fi™ Cloud-based Secure Wi-Fi Access with PCI Wireless Scan...
AirTight Secure Wi-Fi™ Cloud-based Secure Wi-Fi Access with PCI Wireless Scan...
AirTight Networks
 
Non WiFi interference combat guide 1
Non WiFi interference combat guide 1Non WiFi interference combat guide 1
Non WiFi interference combat guide 1
AirTight Networks
 
Conquering the Minefield of Soft Rogue APs in the Enterprise
Conquering the Minefield of Soft Rogue APs in the EnterpriseConquering the Minefield of Soft Rogue APs in the Enterprise
Conquering the Minefield of Soft Rogue APs in the Enterprise
AirTight Networks
 
Windows 7 - A New Wireless Risk to the Enterprise
Windows 7 - A New Wireless Risk to the EnterpriseWindows 7 - A New Wireless Risk to the Enterprise
Windows 7 - A New Wireless Risk to the Enterprise
AirTight Networks
 
802.11w Tutorial
802.11w Tutorial802.11w Tutorial
802.11w Tutorial
AirTight Networks
 
Skyjacking A Cisco Wlan Attack Analysis And Countermeasures
Skyjacking A Cisco Wlan Attack Analysis And CountermeasuresSkyjacking A Cisco Wlan Attack Analysis And Countermeasures
Skyjacking A Cisco Wlan Attack Analysis And Countermeasures
AirTight Networks
 
Retail Stores and Wireless Security—Recommendations
Retail Stores and Wireless Security—RecommendationsRetail Stores and Wireless Security—Recommendations
Retail Stores and Wireless Security—Recommendations
AirTight Networks
 
Wireless Vulnerability Management: What It Means for Your Enterprise
Wireless Vulnerability Management: What It Means for Your EnterpriseWireless Vulnerability Management: What It Means for Your Enterprise
Wireless Vulnerability Management: What It Means for Your Enterprise
AirTight Networks
 
WPA/WPA2 TKIP Exploit
WPA/WPA2 TKIP ExploitWPA/WPA2 TKIP Exploit
WPA/WPA2 TKIP Exploit
AirTight Networks
 

More from AirTight Networks (20)

Is 11ac Right for Your Network?
Is 11ac Right for Your Network?Is 11ac Right for Your Network?
Is 11ac Right for Your Network?
 
Air tight 11ac webinar series session 2 - 11ac feature deep dive - june 2014
Air tight 11ac webinar series session 2 - 11ac feature deep dive - june 2014Air tight 11ac webinar series session 2 - 11ac feature deep dive - june 2014
Air tight 11ac webinar series session 2 - 11ac feature deep dive - june 2014
 
Wi-Fi Offload Summit - Monetise Thyself
Wi-Fi Offload Summit - Monetise ThyselfWi-Fi Offload Summit - Monetise Thyself
Wi-Fi Offload Summit - Monetise Thyself
 
AirTight 11ac Webinar Series, Aession 1 - Intro to 802.11ac - June 10 2014
AirTight 11ac Webinar Series, Aession 1 - Intro to 802.11ac - June 10 2014AirTight 11ac Webinar Series, Aession 1 - Intro to 802.11ac - June 10 2014
AirTight 11ac Webinar Series, Aession 1 - Intro to 802.11ac - June 10 2014
 
Restaurant Wi-Fi Primer: Retail Analytics and Social Integration
Restaurant Wi-Fi Primer: Retail Analytics and Social Integration Restaurant Wi-Fi Primer: Retail Analytics and Social Integration
Restaurant Wi-Fi Primer: Retail Analytics and Social Integration
 
AirTight Networks Evolution - Cloud & MSP
AirTight Networks Evolution - Cloud & MSPAirTight Networks Evolution - Cloud & MSP
AirTight Networks Evolution - Cloud & MSP
 
AirTight Networks WIPS at Wireless Field Day 6 WFD6
AirTight Networks WIPS at Wireless Field Day 6 WFD6AirTight Networks WIPS at Wireless Field Day 6 WFD6
AirTight Networks WIPS at Wireless Field Day 6 WFD6
 
AirTight social wifi solution brief
AirTight social wifi solution briefAirTight social wifi solution brief
AirTight social wifi solution brief
 
Considerations for a secure enterprise wlan data connectors 2013
Considerations for a secure enterprise wlan data connectors 2013Considerations for a secure enterprise wlan data connectors 2013
Considerations for a secure enterprise wlan data connectors 2013
 
Drive Revenue, Protect Data, & Automate PCI Compliance by Dwight Agriel | @Ai...
Drive Revenue, Protect Data, & Automate PCI Compliance by Dwight Agriel | @Ai...Drive Revenue, Protect Data, & Automate PCI Compliance by Dwight Agriel | @Ai...
Drive Revenue, Protect Data, & Automate PCI Compliance by Dwight Agriel | @Ai...
 
Survey on the Impact of BYOD on Enterprise Security
Survey on the Impact of BYOD on Enterprise SecuritySurvey on the Impact of BYOD on Enterprise Security
Survey on the Impact of BYOD on Enterprise Security
 
AirTight Secure Wi-Fi™ Cloud-based Secure Wi-Fi Access with PCI Wireless Scan...
AirTight Secure Wi-Fi™ Cloud-based Secure Wi-Fi Access with PCI Wireless Scan...AirTight Secure Wi-Fi™ Cloud-based Secure Wi-Fi Access with PCI Wireless Scan...
AirTight Secure Wi-Fi™ Cloud-based Secure Wi-Fi Access with PCI Wireless Scan...
 
Non WiFi interference combat guide 1
Non WiFi interference combat guide 1Non WiFi interference combat guide 1
Non WiFi interference combat guide 1
 
Conquering the Minefield of Soft Rogue APs in the Enterprise
Conquering the Minefield of Soft Rogue APs in the EnterpriseConquering the Minefield of Soft Rogue APs in the Enterprise
Conquering the Minefield of Soft Rogue APs in the Enterprise
 
Windows 7 - A New Wireless Risk to the Enterprise
Windows 7 - A New Wireless Risk to the EnterpriseWindows 7 - A New Wireless Risk to the Enterprise
Windows 7 - A New Wireless Risk to the Enterprise
 
802.11w Tutorial
802.11w Tutorial802.11w Tutorial
802.11w Tutorial
 
Skyjacking A Cisco Wlan Attack Analysis And Countermeasures
Skyjacking A Cisco Wlan Attack Analysis And CountermeasuresSkyjacking A Cisco Wlan Attack Analysis And Countermeasures
Skyjacking A Cisco Wlan Attack Analysis And Countermeasures
 
Retail Stores and Wireless Security—Recommendations
Retail Stores and Wireless Security—RecommendationsRetail Stores and Wireless Security—Recommendations
Retail Stores and Wireless Security—Recommendations
 
Wireless Vulnerability Management: What It Means for Your Enterprise
Wireless Vulnerability Management: What It Means for Your EnterpriseWireless Vulnerability Management: What It Means for Your Enterprise
Wireless Vulnerability Management: What It Means for Your Enterprise
 
WPA/WPA2 TKIP Exploit
WPA/WPA2 TKIP ExploitWPA/WPA2 TKIP Exploit
WPA/WPA2 TKIP Exploit
 

Recently uploaded

UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6
DianaGray10
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Albert Hoitingh
 
Artificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopmentArtificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopment
Octavian Nadolu
 
Removing Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software FuzzingRemoving Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software Fuzzing
Aftab Hussain
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
James Anderson
 
UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5
DianaGray10
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
Guy Korland
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
DanBrown980551
 
Uni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdfUni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems S.M.S.A.
 
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfObservability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Paige Cruz
 
20240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 202420240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 2024
Matthew Sinclair
 
The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
Laura Byrne
 
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
名前 です男
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
Alan Dix
 
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionGenerative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Aggregage
 
Monitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR EventsMonitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR Events
Ana-Maria Mihalceanu
 
A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...
sonjaschweigert1
 
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
James Anderson
 
Free Complete Python - A step towards Data Science
Free Complete Python - A step towards Data ScienceFree Complete Python - A step towards Data Science
Free Complete Python - A step towards Data Science
RinaMondal9
 
Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1
DianaGray10
 

Recently uploaded (20)

UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
 
Artificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopmentArtificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopment
 
Removing Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software FuzzingRemoving Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software Fuzzing
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
 
UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
 
Uni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdfUni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdf
 
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfObservability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
 
20240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 202420240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 2024
 
The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
 
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
 
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionGenerative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to Production
 
Monitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR EventsMonitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR Events
 
A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...
 
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
 
Free Complete Python - A step towards Data Science
Free Complete Python - A step towards Data ScienceFree Complete Python - A step towards Data Science
Free Complete Python - A step towards Data Science
 
Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1
 

WPA2 Hole196 Vulnerability FAQs

  • 1. WPA 2 Hole196 Vulnerability – FAQ What is the “Hole196” vulnerability? "Hole196" is a vulnerability in the WPA2 security protocol exposing WPA2-secured Wi-Fi networks to insider attacks. AirTight Networks uncovered a weakness in the WPA2 protocol, which was documented but buried on the last line on page 196 of the 1232-page IEEE 802.11 Standard (Revision, 2007). Thus, the moniker “Hole196.” Central to this vulnerability is the group temporal key (GTK) that is shared among all authorized clients in a WPA2 network. In the standard behavior, only an AP is supposed to transmit group-addressed data traffic encrypted using the GTK and clients are supposed to decrypt that traffic using the GTK. However, nothing in the standard stops a malicious authorized client from injecting spoofed GTK-encrypted packets! Exploiting the vulnerability, an insider (authorized user) can sniff and decrypt data from other authorized users as well as scan their Wi-Fi devices for vulnerabilities, install malware and possibly compromise those devices. In short, this vulnerability means that inter-user data privacy among authorized users is inherently absent over the air in a WPA2-secured network. Can this vulnerability be exploited only by insiders, or can an outsider also hack into a WPA2 network using Hole196? To exploit Hole196, a malicious user needs to know the group key (GTK) shared by the authorized users in that Wi-Fi network. So only an insider (authorized user) of a WPA2 network, having access to the GTK can exploit this vulnerability. If Hole196 can be exploited only by insiders, should we really worry about it? Extensive survey reports consistently show that insider attacks are the most common and costliest threat to enterprise data and network security. For instance, refer to the following two reports: 2010 CyberSecurity Watch Survey by CERT, CSO and Deloitte 2010 Verizon Data Breach Investigation Report If your organization is sensitive about insider threats and you are already taking steps to mitigate insider attacks on the wired network, then the Hole196 vulnerability is significant as it enables one of the stealthiest insiders attacks known that can lead to leakage of sensitive data (e.g., intellectual property, trade secrets, financial information), espionage, unauthorized access to IT resources, identity theft, etc. Does Hole196 enable or involve cracking of the WPA2 encryption key? No! Exploiting the Hole196 vulnerability does not involve cracking of the encryption key. This is neither an attack on the AES encryption or the 802.1x (or PSK) authentication. www.airtightnetworks.com
  • 2. Does the malicious insider gain access to the private keys, i.e., the pairwise transient key (PTKs) of other authorized users in the WPA2 network? No! The malicious insider does not gain access to the private keys (PTKs) of other authorized Wi-Fi users in the WPA2 network. Then in what way can an insider exploit the Hole196 vulnerability? Our findings show that an insider could exploit Hole196 in three ways: (1) for ARP poisoning and man-in-the- middle attack; (2) for injecting malicious code onto other authorized Wi-Fi devices; and (3) for launching a denial- of-service (DoS) attack without using disconnection frames. In a WPA2 network, a malicious insider broadcasts fake packets (with the AP’s MAC address as the transmitter’s address) encrypted using the shared group key (GTK) directly to other authorized Wi-Fi clients in the network. One example of an exploit that can be launched using GTK is the classic ARP poisoning (man-in-the-middle) attack (demonstrated at Black Hat Arsenal 2010 and Defcon18). In the ARP poisoning exploit, the insider can include for instance an ARP Request message inside the GTK- encrypted packet. The ARP Request has the IP address of the actual gateway, but the MAC address of the attacker’s machine. All clients that receive this message will update their ARP table – mapping the attacker’s MAC address with the gateway’s IP address. All “poisoned” Wi-Fi clients will send all their traffic, encrypted with their respective private keys (PTKs), to the AP, but with the attacker’s MAC address as the destination. The AP will decrypt the traffic and forward it to the attacker, now encrypting it using the attacker’s PTK. Because all traffic reaching the attacker (from the AP) is encrypted with the attacker’s PTK, the attacker can decrypt the traffic (including login credentials, emails and other sensitive data). The attacker can then choose to forward the traffic to the actual gateway of the network, so that the victim Wi-Fi clients do not see any abnormal behavior and continue their communication. But ARP spoofing (and man-in-the middle) was always possible over Ethernet or even in a WPA2 network via the AP. So what’s new? ARP Spoofing (and man-in-the-middle) is a classic attack in both wired and Wi-Fi networks. However, in this old way of launching the attack, the AP forwards the spoofed ARP messages on the wireless as well as the wired network. The messages that go on the wire are in the clear (unencrypted). Wired network security has evolved over the years to the point that wired IDS/IPS and even some network switches can readily catch and block this attack on the wire today. www.airtightnetworks.com
  • 3. The subtle point (that many people seem to miss) about exploiting the GTK in WPA2 for launching an ARP Spoofing attack is that the footprint of the attack is only in the air and the payload is encrypted. So no wire-side security solution is ever going to catch this attack over WPA2, nor will existing APs will see anything abnormal. And note that ARP spoofing is just one example of an exploit over this vulnerability. More sophisticated attacks are possible. Can this vulnerability be practically exploited? Unlike the WPA-TKIP vulnerability (announced in November 2008) that was largely of theoretical interest, the Hole196 vulnerability can be practically exploited using existing open source software such as madwifi driver and wpa supplicant, and adding ten lines of code. The man-in-the-middle attack using ARP spoofing was demonstrated at Black Hat Arsenal 2010 and Defcon18. Other attacks such as port scanning, exploiting OS and application vulnerabilities, malware injection, DNS manipulation, denial of service, etc. are possible by misusing GTK. Are all WPA and WPA2 implementations vulnerable to this attack? Yes! Hole196 is a fundamental vulnerability in the protocol design. All Wi-Fi networks using WPA or WPA2, regardless of the authentication (PSK or 802.1x) and encryption (AES) they use, are vulnerable. Are WLAN architectures using stand-alone APs and those using WLAN controllers vulnerable to Hole196? This vulnerability is fundamental to the WPA/WPA2 protocol design. So as long as a WLAN architecture (stand- alone AP or controller based) is following the standard, it is vulnerable to Hole196. Is there a fix in the 802.11 protocol standard which I can implement with a software upgrade to protect against this vulnerability? Unlike in the case of earlier vulnerabilities in Wi-Fi encryption and authentication protocols, there is no immediate fallback in the 802.11 standard that can be used to fix or circumvent this vulnerability. Can I use the client isolation (or PSPF) feature on my WLAN infrastructure to protect against WPA2 Hole196? Client isolation is not part of the 802.11 standard, but a proprietary feature that is available on some APs and WLAN controllers. The implementation of the feature is likely to vary from vendor to vendor. www.airtightnetworks.com
  • 4. Turning ON the Client isolation (or PSPF) feature on an AP or WLAN controller can prevent two Wi-Fi clients associated with an AP from communicating with each other via the AP. This means that while a malicious insider can continue to send spoofed GTK encrypted packets directly to other clients in the network, the data traffic from the victim clients will not be forwarded by the AP to the attacker’s Wi-Fi device. However, an attacker can bypass the Wi-Fi client isolation feature, by setting up a fake gateway on the wired network, poison the ARP cache on authorized Wi-Fi devices using GTK and redirect all data traffic to the fake gateway instead of redirecting it directly to his Wi-Fi device. Plus, other attacks such as malware injection, port scanning, denial of service, etc. are still possible using only the first step (sending GTK-encrypted packets) Is there something I can install on my laptop to protect it against WPA2 Hole196? Software (such as Snort or DecaffeintID) can be installed on some Windows and Linux laptops to detect ARP poisoning, though it’s not practical to manually install software on large number of endpoints. Further, the software is not supported on most endpoints (e.g., iPhones, iPads, Blackberry, Windows Mobile, Windows 7, etc.) that will continue to be at risk from the WPA 2 Hole196 vulnerability. Besides, those softwares cannot stop a malicious insider from launching other Hole196 based attacks such as malware injection, port scanning, denial of service, etc. Can a wire-side solution like an IDS/IPS or ARP Poisoning detector on the LAN switch detect this attack? The footprint of WPA2 Hole196 based insider attacks is limited to the air, making them among the stealthiest of insider attacks known. As a result, no wireline security solution (wired IDS/IPS, firewall, or switch-based ARP Poisoning detection) can detect these attacks. Can a wireless intrusion prevention system (WIPS) detect this attack? Hole196 is yet another example of a vulnerability (like WEP cracking, WPA-TKIP vulnerability, Cisco Skyjacking) that calls for a multi-layered wireless security approach. A wireless intrusion prevention system (WIPS) can detect attacks based on Hole196 and provide that additional layer of security to comprehensively protect enterprise networks from wireless threats such as rogue APs, misbehavior of Wi-Fi clients, misconfigurations in your WLAN infrastructure, and vulnerabilities in the Wi-Fi security protocols. www.airtightnetworks.com