How malicious insiders can hack your WiFi -- easily
Your network is not as safe as you think
- By William Jackson
- Jul 27, 2010
LAS VEGAS—Researchers from AirTight Networks have uncovered a vulnerability in WiFi security protocols that could let a malicious insider bypass encryption to monitor traffic or launch attacks on wireless networks.
“The vulnerability exposes the secure network to insider attacks that allow malicious users to sniff and decrypt traffic,” said Kaustubh Phanse, principle wireless architect for AirTight.
The WiFi Protected Access 2 protocols use strong encryption to protect wireless network traffic and control access, but a loophole could let authorized users on the network improperly use shared group encryption keys to create spoofed packets and redirect traffic.
The designers of the standard knew of the flaw, said senior wireless security researcher Sohail Ahmad. However, Ahmad found a practical exploit for bypassing encryption and read traffic without cracking keys. He is demonstrating the exploit at the Black Hat Briefings security conference this week and also at the Defcon hackers’ convention this weekend.
The researchers said there are no known instances of the exploit having been used, but because the attack footprint is only on the wireless segments of a network the attack is very stealthy and would be difficult to detect. Although the exploit does not open the network to outsiders, there is little that can be done to protect the network from insider attacks, they said.
WiFi Protected Access is a security protocol in the 802.11 WiFi standards defined by the WiFi Alliance. It replaces the flawed Wired Equivalent Privacy protocols. The original WPA was an interim replacement for WEP and the current WPA2 is the final standard. The protocols call for 256-bit AES encryption, which has not been compromised. But the exploit, which relies on a hole in the security definitions for the shared group encryption key found, lets the attacker go around the encryption without breaking it. The vulnerability has been dubbed Hole 196 by researchers because the flawed definition is on page 196 of the standard.
WPA2 uses two types of encryption keys. The Group Temporal Key is used by the WiFi access point to encrypt multicast traffic. Because the group key also is used to decrypt multicast traffic from the access point, it is available to authorized client devices on the network. For point-to-point communications to specific MAC addresses the client devices use public-private key pairs for encryption.
“For the client, the destination is always fixed,” with traffic going either to an access point or another client, Ahmad said. So the client uses only the public key of the recipient for encryption. The client uses its private key to decrypt traffic from another client.
The group key is supposed to be used by the client only for decrypting multicast traffic from access points, but there is nothing that prevents a client from using it to encrypt traffic to other clients. When the group key is used, the system does not have the ability to detect spoofed traffic. This can allow a malicious insider to send packets encrypted with the group key and have packets redirected to itself.
“The hardware and the software is available to do this, with 10 lines of code,” Ahmad said.
Because the client is a legitimate user on the network, the access points forwarding the traffic to it use that client’s public key for encryption, enabling the client to decrypt the traffic with its private key. “So the client is able to read all the traffic,” Ahmad said.
Spoofed packets encrypted with the group key also could be used to sniff ports, send malicious code and launch denial of service attacks within the network.
Some software, such as the open source Snort tool, could be used on some laptops to detect malicious activity such as Address Resolution Protocol poisoning, but this is not enterprise grade software that could easily be pushed to all laptops on a network. It also would not work with many mobile devices that use WiFi. The only reliable way to detect malicious activity is continuous monitoring of wireless traffic on the network with a wireless intrusion prevention system, Phanse said.