AirTight Demonstrates WIPS Detection and Location Methodology for WPA2 'Hole196' Exploit Presented at Black Hat and

Thu Aug 5, 2010 8:00am EDT

* Reuters is not responsible for the content in this press release.

AirTight Networks, the leading provider of wireless intrusion prevention
systems and services (WIPS), demonstrated the first detection and
location methodology against the WPA2 'Hole196.' The exploit was detailed
by senior wireless security researcher, Md Sohail Ahmad, last week at
Black Hat and DEFCON. The 'Hole 196' vulnerability exposes secured
wireless networks to a key 'loophole' that allows authorized users to:

--  Bypass WPA2 inter-user data privacy and decrypt data from other users
    in the network
--  Launch Man-in-the-Middle attacks
--  Launch Denial of Service (DoS)


"While there are several steps companies can take to mitigate this
threat in their infrastructure, a layered approach to security remains
the best practice," said Pravin Bhagwat, CTO of AirTight. "WIPS provides
a faster path for detecting and managing new threats until appropriate
software fixes and configuration changes are implemented in the

    Using AirTight's SpectraGuard Enterprise WIPS, organizations can:

--  detect anomalous traffic from authorized access points (APs) which
    could indicate the presence of a packet injection attack
--  physically locate the position of the attacker
--  gain forensics information on inter-client communication


While AirTight's findings indicate that this vulnerability is only
exploitable by an authorized user of the wireless network, they are of
concern because organizations are relying on WPA2 for its strong
encryption and authentication. And the footprint of such insider attacks
is limited to the air, making detection of such attacks difficult through
wire-side monitoring systems only. Indeed during its recent Webinar on
the subject, 86% of the almost 200 attendees responded to the poll
question, "Are you concerned about insider threats?" with a resounding

    "Although Hole196 is an insider attack, it demonstrates that security
measures in WLAN infrastructure can be bypassed in ways previously
thought not possible. A layered approach to security not only protects
against holes in WLAN defenses, but also protects against bigger and more
severe threats such as Rogue APs and Soft APs planted maliciously or
inadvertently by insiders," continued Bhagwat. 

    Indeed insider threats continue to be the biggest challenge to IT and
source of loss to the business. In the January 2010 Cybersecurity Watch
Survey by CERT, CSO and Deloitte noted, "51% of respondents who
experienced a cyber security event were still victims of an insider
attack," even though the top 15 security policies were aimed at
preventing insider attacks. Additionally, the report said that "Insider
incidents are more costly than external breaches," which makes such
insider vulnerabilities more concerning.

    Unlike the WPA-TKIP vulnerability (announced in November of 2008) that
was largely of theoretical interest, the 'Hole196' vulnerability can be
practically exploited using existing open source software as the basis. 

    AirTight presented a public Webinar yesterday to detail its findings and
demo the detection technique and will post the recording on its Website.
Additional information about the 'Hole196' vulnerability can be found at 

    About AirTight
 AirTight Networks is the global leader in wireless
security and compliance solutions providing customers best-of-breed
technology to automatically detect, classify, locate and block all
current and emerging wireless threats. AirTight offers both the
industry's leading wireless intrusion prevention system (WIPS) and the
world's first wireless vulnerability management (WVM)
security-as-a-service (SaaS). AirTight's award-winning solutions are used
by customers globally in the financial, government, retail,
manufacturing, transportation, education, health care, telecom, and
technology industries. AirTight owns the seminal patents for wireless
intrusion prevention technology with 18 U.S. patents granted or allowed,
two international patents granted (UK and Australia), and more than 20
additional patents pending. AirTight Networks is a privately held company
based in Mountain View, CA. For more information please visit

    AirTight Networks and the AirTight Networks logo are trademarks; AirTight
and SpectraGuard are registered trademarks of AirTight Networks, Inc. All
other trademarks are the property of their respective owners. 


Media Contact
Della Lowe
T: 650.934.8191 

Copyright 2010, Market Wire, All rights reserved.

Comments (0)
This discussion is now closed. We welcome comments on our articles for a limited period after their publication.