It\’s time to be nostalgic for the days after you could assume WPA2 as the strongest, most impregnable wireless security standard. Security firm AirTight Networks has discovered a method of compromising WPA2 encryption using about ten lines of code.
Utilizing what\’s called a \” man within the middle\” exploit, whereby a certified member of an encrypted network can intercept private data to and from a router and inject their own malicious packets, researcher Sohail Ahmad has developed a straightforward way to \” drop traffic, drop a [denial-of-service] attack, or snoop.\”
The AES encryption upon which WPA2 is predicated hasn\’t been compromised-rather, the attack exploits element of the WPA2 standard that mandates the shared use of one key on the element of every user connected to the network. Which means that your WPA2 network isn\’t prone to attacks from the surface, but rather (and more creepily) from those already trusted to affix the network.
Ahmed says the attack may be pulled off using only open source software and an average network card available to any consumer-exactly how can be demoed at the approaching DEF CON 18 hacker fest. The simplest news? \” There\’s nothing within the standard to upgrade to as a way to patch or fix the outlet,\” in step with another AirTight researcher.
The only strategy to prevent an attack of this form, consistent with AirTight, is by continuously \” monitoring traffic over the air.\” Oh, and how convenient! AirTight Networks in order that happens to sell wireless security consulting services. What would a decent metaphor for this be? A barber throwing gum to your hair? Though needless to say, better for this to be discovered by wireless security experts-conflicts of interest aside-than by someone with more nefarious intent. [AirTight Networks via Network World via PC Mag]
Samsung demos new 32nm quad-core Exynos prior to MWC
LG’s upcoming MWC lineup runs into some Italians, gets documented on video
