A "publicity stunt?" Major threat? Or easily contained?
Executives at AirTight are defending their description of a little-known "vulnerability" in the 802.11 standard in the face of criticism following their demonstration of a Wi-Fi exploit at the Black Hat security conference. One WLAN vendor called the claim a "publicity stunt."
Others are saying the attack, which can only be mounted by an internal authorized WLAN user, is so limited in scope that it would be easier for an attacker to just use the unattended computer in a neighbor’s cubicle or even bribe a fellow employee to access data.
"What those limitations really mean is that ‘YES’ there are much easier ways to get the data," says Jennifer Jabbusch, chief information security officer, Carolina Advanced Digital, a Cary, N.C. IT services company. "In a scenario like this, that data is most likely (more than 99.9% likely) to be [already] unencrypted on the wire. In addition to that, the close physical proximity [required] would mean an attacker could also just as easily walk over to the victim’s machine and load a tool to collect data while they’re at lunch or getting a soda in the break room. The wireless attack is ‘going around your butt to get to your elbow,’ as we say in the South."
She analyzed the AirTight exploit previously in her SecurityUncorked blog.
WLAN vendor Aruba Networks issued its own analysis, by Robbie Gill of the company’s engineering department, which concluded, "The attack scenario described by AirTight is well known and old news – it was, in short, a publicity stunt."
Yesterday’s detailed demonstration at Black Hat Arsenal, a demo area associated with the Black Hat info security conference, confirmed nearly all of the details that Jabbusch and others had been expecting. [See: "Wi-Fi WPA2 vulnerability FAQ".] It did little to convince observers that the exploit constituted a serious threat to enterprise wireless LAN security.