WPA2 "Hole 196" vulnerability could spoof Wi-Fi packets, compromise WLAN

Researchers have uncovered a vulnerability in the WPA2 security protocol, part of the 802.11 standard. Termed "Hole 196", it can be exploited by attackers already authenticated to the network and allows decryption of data sent by other users across the Wi-Fi network.

WPA2 uses two types of keys: 1) Pairwise Transient Key (PTK), which is unique to each client, for protecting unicast traffic; and 2) Group Temporal Key (GTK) to protect broadcast data sent to multiple clients in a network. PTKs can detect address spoofing and data forgery. "GTKs do not have this property," according to page 196 of the IEEE 802.11 standard.

The vulnerability arises when a malicious client uses the GTK to send spoofed packets to another user on the network. GTKs do not have the ability to detect spoofed packets, an ability which does exist in PTKs. The ability to exploit the vulnerability is limited to authorized users, AirTight says.
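The difference between the two key types can be modeled in a few lines. This is an added example, not code from the article or from AirTight: HMAC stands in for WPA2's real integrity check, and the station names and payload are constructed. It shows why a receiver can reject a unicast frame with a spoofed source but cannot do the same for a group frame.

```python
import hashlib
import hmac
import os

AP = "ap"  # constructed station names, not real MAC addresses

def tag(key, src, dst, payload):
    """Stand-in integrity tag. Real WPA2 uses the CCMP MIC; HMAC is used here
    only to model 'a tag that needs the key to compute'."""
    return hmac.new(key, f"{src}|{dst}|".encode() + payload, hashlib.sha256).digest()[:8]

class Wlan:
    def __init__(self, clients):
        self.gtk = os.urandom(16)                        # shared by AP and all clients
        self.ptk = {c: os.urandom(16) for c in clients}  # one per client, shared only with AP

    def keys_held_by(self, station):
        """Keys a station legitimately holds after authenticating."""
        if station == AP:
            return {"gtk": self.gtk, **self.ptk}
        return {"gtk": self.gtk, station: self.ptk[station]}

    def receiver_accepts(self, receiver, frame):
        """Group frames verify under the GTK, unicast under the receiver's PTK."""
        key = self.gtk if frame["dst"] == "broadcast" else self.ptk[receiver]
        expected = tag(key, frame["src"], frame["dst"], frame["payload"])
        return hmac.compare_digest(expected, frame["tag"])

def build_frame(held_keys, key_name, claimed_src, dst, payload):
    """Build a frame using only a key the sender actually holds."""
    return {"src": claimed_src, "dst": dst, "payload": payload,
            "tag": tag(held_keys[key_name], claimed_src, dst, payload)}

def demo():
    wlan = Wlan(["alice", "insider"])
    insider = wlan.keys_held_by("insider")
    body = b"constructed payload"
    # Both frames below claim the AP as source but are built by an authorized client.
    group = build_frame(insider, "gtk", AP, "broadcast", body)
    unicast = build_frame(insider, "insider", AP, "alice", body)
    genuine = build_frame(wlan.keys_held_by(AP), "alice", AP, "alice", body)
    return {
        "spoofed_group_accepted": wlan.receiver_accepts("alice", group),
        "spoofed_unicast_accepted": wlan.receiver_accepts("alice", unicast),
        "genuine_unicast_accepted": wlan.receiver_accepts("alice", genuine),
    }

if __name__ == "__main__":
    print(demo())
```

The group frame verifies because every authenticated station holds the same GTK, so a valid tag proves only membership in the network, not which station sent the frame.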