AirTight Networks has recently announced that it has discovered
a new vulnerability in Wi-Fi Protected Access (WPA) Wi-Fi
networks. Because the vulnerability is mentioned on the
last line of page 196 of the 1232-page IEEE 802.11 Standard
(Revision, 2007), the company named it
'Hole196.'
Hole196 does not involve any key cracking. By exploiting Hole196, a
malicious insider can compromise the targeted machine through malware
injection, Man-in-the-Middle or DoS attacks. The targeted user
can thus be denied network services (DoS) or can end up
leaking personal or corporate confidential information to
the malicious insider (Man-in-the-Middle).
Successful injection of malware into the target machine can also
compromise the machine in various other ways, and there is a
potential danger of the malware spreading to other machines on the
corporate network.
Also, the scope of an attack launched using Hole196 is limited to
the wireless side only, and hence installed wired IDS/IPS systems
would be unable to detect attacks based on
Hole196.
According to AirTight Networks, compared to the Temporal Key
Integrity Protocol (TKIP) vulnerability, which was limited to
WPA TKIP deployments, Hole196 can affect all WPA and WPA2
configurations. The TKIP vulnerability was also largely of theoretical
interest and was difficult to exploit for launching any practical
attacks. Hole196, however, can be exploited easily by a
malicious insider to his advantage and thus has practical
implications.
According to the company, there is currently no immediate patch
available in the standard to fix the vulnerability.
Disclaimer Note: "InformationWeek India and UBM India do not endorse, and have not verified, the views and claims expressed in this vendor Press Release."