August 05, 2010 08:00 ET

AirTight Demonstrates WIPS Detection and Location Methodology for WPA2 'Hole196' Exploit Presented at Black Hat and DEFCON

WPA2 Secured Wi-Fi Vulnerable to Insider Attacks Despite AES Encryption and 802.1x Authentication

MOUNTAIN VIEW, CA--(Marketwire - August 5, 2010) - AirTight Networks, the leading provider of wireless intrusion prevention systems and services (WIPS), demonstrated the first detection and location methodology against the WPA2 'Hole196.' The exploit was detailed by senior wireless security researcher, Md Sohail Ahmad, last week at Black Hat and DEFCON. The 'Hole 196' vulnerability exposes secured wireless networks to a key 'loophole' that allows authorized users to:

• Bypass WPA2 inter-user data privacy and decrypt data from other users in the network
• Launch Man-in-the-Middle attacks
• Launch Denial of Service (DoS)

"While there are several steps companies can take to mitigate this threat in their infrastructure, a layered approach to security remains the best practice," said Pravin Bhagwat, CTO of AirTight. "WIPS provides a faster path for detecting and managing new threats until appropriate software fixes and configuration changes are implemented in the infrastructure."

Using AirTight's SpectraGuard Enterprise WIPS, organizations can:

• detect anomalous traffic from authorized access points (APs) which could indicate the presence of a packet injection attack
• physically locate the position of the attacker
• gain forensics information on inter-client communication

While AirTight's findings indicate that this vulnerability is only exploitable by an authorized user of the wireless network, they are of concern because organizations are relying on WPA2 for its strong encryption and authentication. And the footprint of such insider attacks is limited to the air, making detection of such attacks difficult through wire-side monitoring systems only. Indeed during its recent Webinar on the subject, 86% of the almost 200 attendees responded to the poll question, "Are you concerned about insider threats?" with a resounding yes.

"Although Hole196 is an insider attack, it demonstrates that security measures in WLAN infrastructure can be bypassed in ways previously thought not possible. A layered approach to security not only protects against holes in WLAN defenses, but also protects against bigger and more severe threats such as Rogue APs and Soft APs planted maliciously or inadvertently by insiders," continued Bhagwat.

Indeed insider threats continue to be the biggest challenge to IT and source of loss to the business. In the January 2010 Cybersecurity Watch Survey by CERT, CSO and Deloitte noted, "51% of respondents who experienced a cyber security event were still victims of an insider attack," even though the top 15 security policies were aimed at preventing insider attacks. Additionally, the report said that "Insider incidents are more costly than external breaches," which makes such insider vulnerabilities more concerning.

Unlike the WPA-TKIP vulnerability (announced in November of 2008) that was largely of theoretical interest, the 'Hole196' vulnerability can be practically exploited using existing open source software as the basis.

AirTight presented a public Webinar yesterday to detail its findings and demo the detection technique and will post the recording on its Website. Additional information about the 'Hole196' vulnerability can be found at http://www.airtightnetworks.com/wpa2-hole196

About AirTight
AirTight Networks is the global leader in wireless security and compliance solutions providing customers best-of-breed technology to automatically detect, classify, locate and block all current and emerging wireless threats. AirTight offers both the industry's leading wireless intrusion prevention system (WIPS) and the world's first wireless vulnerability management (WVM) security-as-a-service (SaaS). AirTight's award-winning solutions are used by customers globally in the financial, government, retail, manufacturing, transportation, education, health care, telecom, and technology industries. AirTight owns the seminal patents for wireless intrusion prevention technology with 18 U.S. patents granted or allowed, two international patents granted (UK and Australia), and more than 20 additional patents pending. AirTight Networks is a privately held company based in Mountain View, CA. For more information please visit www.airtightnetworks.com

AirTight Networks and the AirTight Networks logo are trademarks; AirTight and SpectraGuard are registered trademarks of AirTight Networks, Inc. All other trademarks are the property of their respective owners.