21
Sat, Dec
3 New Articles

Wi-Fi Security: Filling in Hole196

Development Tools / Utilities
Typography
  • Smaller Small Medium Big Bigger
  • Default Helvetica Segoe Georgia Times

The last sentence on page 196 of the 802.11 spec creates a furor.

 

Wi-Fi has a long history of security vulnerabilities and resulting fixes. WEP, TKIP, WPA, and the current standard of WPA2 have brought the technology closer to being secure. Indeed, the pervasiveness of Wi-Fi has changed everything—from how we design computer networks, to where we enjoy our coffee breaks, to how we buy and read our books. Travel in any foreign land, and the first question you'll find yourself asking the natives is "Where is the nearest Wi-Fi?"

 

But a WPA2 flaw discovered last summer—called Hole196—has many network security specialists scratching their heads. What is it? Should we be concerned? How can it be plugged?

 

Unfortunately, not even the IEEE, which created the specification for 802.11 Wi-Fi, has a clear idea.

Wi-Fi Security History

Most of us know that Wi-Fi is based upon the IEEE specification called 802.11. That spec defines the radio frequencies used by Wi-Fi, the functional requirements of the electrical circuitry, and the protocols that enable devices to communicate without connecting cables. Many of us will remember the snafus associated with the original Wired Equivalent Privacy (WEP) security scheme: a scheme so easy to break that it threatened the acceptance of Wi-Fi by businesses and consumers.

 

Wi-Fi has come a long way since those early days. Wi-Fi security was strengthened from WEP—through firmware upgrades of routers—to WPA. WPA, which stands for Wi-Fi Protected Access, provided a new link-layer security level called Temporal Key Integrity Protocol (TKIP). It also optionally provided the data encryption algorithm called Advanced Encryption Standard (AES), used by the U.S. Government. In addition, WPA came with two protocol mechanisms for authentication of devices: WPA Personal, which permits a pre-shared network key, and WPA Enterprise, which requires the use of a separate server to assign and manage network keys associated with a device's MAC address.

 

WPA also made available other authentication extensions implemented by different vendors, such as Extensible Authentication Protocol (EAP), Lightweight Extensible Authentication Protocol (LEAP), and Protected Extensible Authentication Protocol (PEAP). And though EAP, LEAP, and PEAP are acronyms that sound like characters in a Tolkien novel, all of the security elements of WPA significantly strengthened Wi-Fi's acceptance in the business community. Consequently, as these technologies were accepted and implemented, they were incorporated into newer versions of Wi-Fi hardware.

 

It was through this evolutionary process that WPA became the basis of a second version called Wi-Fi Protected Access version 2 (WPA2) in 2007. WPA2 is the standard we use today. It resides in the hardware and firmware of the Wi-Fi routers that are sold throughout the world.

Network Authentication and Encryption

So what is Hole196? How does it make WAP2 vulnerable? To understand the complexities, you must remember that there are two separate processes in the 802.11 spec: authentication and encryption.

 

Authentication is the process of letting a device attach to the Wi-Fi network, based upon the authentication protocol that has been implemented. For instance, if a Wi-Fi router is using WAP Personal, the connecting Wi-Fi device must provide a key to gain access to the network. This key, which can be pre-shared, authenticates the wireless device and permits it to receive and transmit packets of information.

 

Authentication also enables the device to gain access to the AES encryption services of the network. Each authenticated device receives a set of encryption keys so that it may understand the network data that it receives. One key, which is unique to each device, is called the Pairwise Transient Key (PTK) and is used to encrypt unicast (one-way) traffic communication. The other key is called a Group Temporal Key (GTK) and is used to protect broadcast data sent from the Access Point (AP) to multiple devices in the network.

What Is Hole196?

The vulnerability of Hole196 in WPA2 was identified last July by Md Sohail Ahmad at AirTight Networks, buried on the last line of page 196 of the 1,232-page IEEE 802.11 Standard. That's how it obtained the moniker Hole196. In essence, the vulnerability exposed by Hole196 looks like this:

 

The Pairwise Transient Key (PTK) of the WPA2 protocol can detect address spoofing and data forgery. But the Group Temporal Key (GTK) doesn't have that capability. In the standard behavior, only an Access Point (AP) is supposed to transmit group-addressed data traffic encrypted using the GTK, and each connected device is supposed to decrypt that traffic using the GTK. However, nothing in the standard would theoretically prevent a malicious authorized device from injecting spoofed GTK-encrypted packets!

 

In short, by exploiting this vulnerability, an insider (authorized user) could theoretically sniff and decrypt data from other authorized users, as well as scan their Wi-Fi devices for added vulnerabilities, install malware, and possibly compromise those devices.

How Hole196 Could Be Exploited

So, how would this vulnerability be exploited? In theory:

  • A Wi-Fi device obtains access to the Wi-Fi network through the defined authentication processes—AES Personal, AES Enterprise, EAP, LEAP, PEAP, or some other sanctioned authentication.
  • Once on the Wi-Fi network, the device receives the GTK and could then poison the MAC address of the node's Access Point, while pretending to be—or spoofing—the Access Point itself. This kind of disruption is called Address Resolution Protocol (ARP) poisoning.
  • The other devices on the network would not be able to detect the spoof, so they would then send their PTKs to the spoofing address—the exploiting Wi-Fi device.
  • The spoofed device could then communicate with all other devices on the node, while inserting malicious code in the data stream destined for those devices.
  • Or the exploit could theoretically use the PTK to attempt to decrypt the data that the other devices are receiving from the host.
  • Or the exploit could start a Denial of Service (DoS) attack, preventing any other device from accessing the host system.

 

This kind of exploit is known on wired networks as a man-in-the-middle exploit. And though wired networks have developed mechanisms to detect man-in-the-middle attacks and prevent the spoof, Wi-Fi networks have some limitations. Consequently, AirTight Networks makes two cogent points:

  1. There are no anti-spoofing mechanisms established for authenticated devices in the native WAP2 protocol.
  2. The entire exploit would be untraceable because it transpires in the air, beyond the reach of the network mechanisms themselves, in the Wi-Fi radio spectrum.

 

In essence, as soon as the network is interrupted or shut down to be investigated by network administrators, the exploit would disappear from view, while the malware injected in the data stream itself would have theoretically already reached its targets in other Wi-Fi devices.

 

AirTight Networks has said that a Hole196 exploit can be written within 10 lines of code, inserted into the protocol stack of a Wi-Fi device, and then activated at random without detection by a wired Intrusion Detection/Intrusion Protection System (IDS/IPS).

How Bad Is Hole196?

AirTight Networks demonstrated a Hole196 exploit at DEF CON 18 hacker's convention last July, and that demonstration created a lot controversy. Some network security analysts pooh-poohed the exploit for two reasons:

  1. Hole196 doesn't break authentication processes at all, meaning that the exploit would have to be initiated by someone who already has legitimate access to the Wi-Fi network.
  2. Hole196 doesn't crack the encryption protocol of AES itself, but merely steals the PTK of another user to attempt to gain access to the data.

 

These critics say that AirTight Networks was merely using Hole196 as a publicity stunt for DEF CON.

 

But some other analysts are a little less cavalier about Hole196 and have countered that the great majority of network spying incidents are actually the results of internal security breaches within the organization itself. These breaches are conducted by individuals who already have network credentials. If the vulnerability does truly exist, they say, it represents a threat that should be addressed.

 

But how? Engineers point out that WPA2 is really just an extension of WPA version 1. Likewise, the protocol mechanisms in WPA2 did not change much from WPA; only the hardware requirements and the priorities and preeminence of the AES encryption protocol changed.

 

Most importantly, according to these engineers, Hole196 doesn't point to a patchable area of the 802.11 specification, but represents a threat to the entire engineered 802.11 architecture. To patch Hole196, the 802.11 spec itself would have to be rewritten. If 802.11 is rewritten, the entire hardware infrastructure of Wi-Fi itself would have to be replaced, representing millions—if not billions—of lost infrastructure dollars.

 

No wonder Hole196 is so controversial.

Mitigating Hole196 Vulnerabilities

At this writing, there have been no reported exploits identified from the potential vulnerability claimed by Hole196. (But then, with an untraceable exploit, how could anyone say for certain?) Nonetheless, some network administrators have begun examining ways to mitigate the potential. What follows are several precautions that network administrators could institute on their Wi-Fi networks:

  • Segregate access with VLANs and virtual SSIDs: Put departments and groups on different virtual networks to help isolate a potential attack to only the originating virtual network.
  • Enable client isolation: Some Access Point (AP) vendors include a proprietary feature on their APs and controllers that prevents user-to-user communication across Wi-Fi. Implementing client isolation (under various proprietary names) can help protect users from part of the Hole196 vulnerability.
  • Use VPN connections: With the implementation of Virtual Private Networking (VPN), each user's traffic must pass through a VPN server. Thus, if someone successfully eavesdrops on another user, the culprit will just see a bunch of gibberish.
  • Update AP firmware: AP vendors may yet figure out a means to plug the Hole196 vulnerability via an AP firmware update, so make certain you keep your APs and other network components up-to-date.
  • Update your wireless IDS/IPS: Some wireless Intrusion Detection Systems (IDSs) and Intrusion Prevention Systems (IPSs) do have a means to detect and alert you to some of these kinds of man-in-the-middle attacks. Over the next months, some of these solutions will likely be updated to detect exploits created by the Hole196 vulnerability, so make sure you keep these systems updated. If you don't already have a wireless IDS/IPS in place, consider it now.

Should You Be Concerned About Hole196?

Wi-Fi networks obviously abound throughout the world, and the technology has become one of the basic pieces of our communication infrastructure. Wi-Fi security fixes have transformed the niche Wi-Fi technology into a communication mainstay. We all use it—in our homes, in our airports, and in our public places. Many of our businesses rely upon it. The Hole196 vulnerability isn't going to change the preeminence of Wi-Fi: it will only help propel the evolution of its security technology.

 

Yet the tale of the Hole196 vulnerability should also be a reminder to us that all of our engineered technologies are imperfect and transient. Hole196 is a vulnerability that seems to have been created by a kind of neglect. It is a vulnerability that existed in a specification that stretches back to the roots of the IEEE 802.11 specification and was carried forward unnoticed until it was uncovered this past summer.

 

The Hole196 vulnerability is as arcane as any vulnerability can get: PTKs can detect address spoofing and data forgery; "GTKs do not have this property." That statement, found on page 196 of 1,232-page IEEE 802.11 standard, is the crux of the issue.

 

Should we take it seriously? Understanding it may be a measure of our skills as network administrators. Mitigating the threat is obviously something we should consider. Finding a remedy is certainly something that our Wi-Fi vendors are exploring. But actually fixing it?

 

There are probably a thousand other security issues that are more pressing and a million other threats that could potentially be more devastating. Yet Hole196 does in fact exist. And whether or not we fall into it, or how we treat other new vulnerabilities that we discover along the way, could be one of the defining factors of the future of Wi-Fi technology.

 

BLOG COMMENTS POWERED BY DISQUS

LATEST COMMENTS

Support MC Press Online

$

Book Reviews

Resource Center

  • SB Profound WC 5536 Have you been wondering about Node.js? Our free Node.js Webinar Series takes you from total beginner to creating a fully-functional IBM i Node.js business application. You can find Part 1 here. In Part 2 of our free Node.js Webinar Series, Brian May teaches you the different tooling options available for writing code, debugging, and using Git for version control. Brian will briefly discuss the different tools available, and demonstrate his preferred setup for Node development on IBM i or any platform. Attend this webinar to learn:

  • SB Profound WP 5539More than ever, there is a demand for IT to deliver innovation. Your IBM i has been an essential part of your business operations for years. However, your organization may struggle to maintain the current system and implement new projects. The thousands of customers we've worked with and surveyed state that expectations regarding the digital footprint and vision of the company are not aligned with the current IT environment.

  • SB HelpSystems ROBOT Generic IBM announced the E1080 servers using the latest Power10 processor in September 2021. The most powerful processor from IBM to date, Power10 is designed to handle the demands of doing business in today’s high-tech atmosphere, including running cloud applications, supporting big data, and managing AI workloads. But what does Power10 mean for your data center? In this recorded webinar, IBMers Dan Sundt and Dylan Boday join IBM Power Champion Tom Huntington for a discussion on why Power10 technology is the right strategic investment if you run IBM i, AIX, or Linux. In this action-packed hour, Tom will share trends from the IBM i and AIX user communities while Dan and Dylan dive into the tech specs for key hardware, including:

  • Magic MarkTRY the one package that solves all your document design and printing challenges on all your platforms. Produce bar code labels, electronic forms, ad hoc reports, and RFID tags – without programming! MarkMagic is the only document design and print solution that combines report writing, WYSIWYG label and forms design, and conditional printing in one integrated product. Make sure your data survives when catastrophe hits. Request your trial now!  Request Now.

  • SB HelpSystems ROBOT GenericForms of ransomware has been around for over 30 years, and with more and more organizations suffering attacks each year, it continues to endure. What has made ransomware such a durable threat and what is the best way to combat it? In order to prevent ransomware, organizations must first understand how it works.

  • SB HelpSystems ROBOT GenericIT security is a top priority for businesses around the world, but most IBM i pros don’t know where to begin—and most cybersecurity experts don’t know IBM i. In this session, Robin Tatam explores the business impact of lax IBM i security, the top vulnerabilities putting IBM i at risk, and the steps you can take to protect your organization. If you’re looking to avoid unexpected downtime or corrupted data, you don’t want to miss this session.

  • SB HelpSystems ROBOT GenericCan you trust all of your users all of the time? A typical end user receives 16 malicious emails each month, but only 17 percent of these phishing campaigns are reported to IT. Once an attack is underway, most organizations won’t discover the breach until six months later. A staggering amount of damage can occur in that time. Despite these risks, 93 percent of organizations are leaving their IBM i systems vulnerable to cybercrime. In this on-demand webinar, IBM i security experts Robin Tatam and Sandi Moore will reveal:

  • FORTRA Disaster protection is vital to every business. Yet, it often consists of patched together procedures that are prone to error. From automatic backups to data encryption to media management, Robot automates the routine (yet often complex) tasks of iSeries backup and recovery, saving you time and money and making the process safer and more reliable. Automate your backups with the Robot Backup and Recovery Solution. Key features include:

  • FORTRAManaging messages on your IBM i can be more than a full-time job if you have to do it manually. Messages need a response and resources must be monitored—often over multiple systems and across platforms. How can you be sure you won’t miss important system events? Automate your message center with the Robot Message Management Solution. Key features include:

  • FORTRAThe thought of printing, distributing, and storing iSeries reports manually may reduce you to tears. Paper and labor costs associated with report generation can spiral out of control. Mountains of paper threaten to swamp your files. Robot automates report bursting, distribution, bundling, and archiving, and offers secure, selective online report viewing. Manage your reports with the Robot Report Management Solution. Key features include:

  • FORTRAFor over 30 years, Robot has been a leader in systems management for IBM i. With batch job creation and scheduling at its core, the Robot Job Scheduling Solution reduces the opportunity for human error and helps you maintain service levels, automating even the biggest, most complex runbooks. Manage your job schedule with the Robot Job Scheduling Solution. Key features include:

  • LANSA Business users want new applications now. Market and regulatory pressures require faster application updates and delivery into production. Your IBM i developers may be approaching retirement, and you see no sure way to fill their positions with experienced developers. In addition, you may be caught between maintaining your existing applications and the uncertainty of moving to something new.

  • LANSAWhen it comes to creating your business applications, there are hundreds of coding platforms and programming languages to choose from. These options range from very complex traditional programming languages to Low-Code platforms where sometimes no traditional coding experience is needed. Download our whitepaper, The Power of Writing Code in a Low-Code Solution, and:

  • LANSASupply Chain is becoming increasingly complex and unpredictable. From raw materials for manufacturing to food supply chains, the journey from source to production to delivery to consumers is marred with inefficiencies, manual processes, shortages, recalls, counterfeits, and scandals. In this webinar, we discuss how:

  • The MC Resource Centers bring you the widest selection of white papers, trial software, and on-demand webcasts for you to choose from. >> Review the list of White Papers, Trial Software or On-Demand Webcast at the MC Press Resource Center. >> Add the items to yru Cart and complet he checkout process and submit

  • Profound Logic Have you been wondering about Node.js? Our free Node.js Webinar Series takes you from total beginner to creating a fully-functional IBM i Node.js business application.

  • SB Profound WC 5536Join us for this hour-long webcast that will explore:

  • Fortra IT managers hoping to find new IBM i talent are discovering that the pool of experienced RPG programmers and operators or administrators with intimate knowledge of the operating system and the applications that run on it is small. This begs the question: How will you manage the platform that supports such a big part of your business? This guide offers strategies and software suggestions to help you plan IT staffing and resources and smooth the transition after your AS/400 talent retires. Read on to learn: