MITM attack against WPA2-Enterprise?
Steven Bellovin
smb at cs.columbia.edu
Mon Jul 26 21:42:53 EDT 2010
>
> I don't know, if it is truly only a ten line change to a common WPA2
> driver to read, intercept and alter practically any traffic on the
> network even in enterprise mode, that would seem like a serious issue
> to me. Setting up the enterprise mode stuff to work is a lot of time
> and effort. If it provides essentially no security over WPA2 in shared
> key mode, one wonders what the point of doing that work is. This
> doesn't seem like a mere engineering compromise.
If I understand the problem correctly, it doesn't strike me as particularly serious. Fundamentally, it's a way for people in the same enterprise and on the same LAN to see each other's traffic. A simple ARP-spoofing attack will do the same thing; no crypto needed. Yes, that's a more active attack, and in theory is somewhat more noticeable. In practice, I suspect the actual risk is about the same.
--Steve Bellovin, http://www.cs.columbia.edu/~smb
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list