Security researchers have found a vulnerability in the WPA2 Enterprise security standard.
WPA2 is designed to encrypt data travelling across wireless networks from unauthorised snooping.
Md. Sohail Ahmed, the technology manager at security firm AirTight Networks, discovered the vulnerability named ‘Hole 196’. He says that the vulnerability can be exploited by an insider attack.
The researcher, who is planning to showcase the vulnerability during the Black Hat Arsenal and DEF CON 18 security conferences due next week in Las Vegas, explained that the vulnerability could be exploited by an authorised user of the network, and would allow them to decrypt other users' private data inject malicious code into traffic and hack into other authorised devices using open source software.
And there appears to be no immediate cure in sight for the security flaw. In a statement to Network World, Kaustubh Phanse, the head of wireless at AirTight said: “There's nothing in the standard to upgrade to in order to patch or fix the hole.”