In general, it would be more correct to say that the WPA2 security protocol was cracked, so extensive security vulnerabilities were found by network security specialists from AirTight Networks. They proved that the data protection protocol WPA2, the most common now in WiFi networks, can be hacked to get any information from such a network. In addition, experts say that the vulnerability can help hackers attack various resources using the capabilities of a hacked network.
So, the discovered vulnerability was applicable to all wireless networks that are compatible with the IEEE802.11 Standard (Revision, 2007). The vulnerability received its own name - Hole 196 (I wonder why - were the predecessors under the number 195, 194 ...?). In general, this vulnerability is so interesting and dangerous that they are going to demonstrate it at the Defcon 18 conference, which will be held in Las Vegas this week. You can imagine the alarm that will rise in the ranks of the "security men" when the exploit is posted to the public.
Yes, they are really going to share it in order to show the possibilities of the created exploit and force the standardizing bodies to close the found “hole” as soon as possible. Of course, I would question the possibility of the quick work of these very organs. But even if the hole is very quickly closed, it still doesn’t remain a huge amount of equipment and software affected by this vulnerability. And there is no doubt that after a year or two after this event there will remain IT leaders who have not heard of anything. In general, the old song ...
So, the discovered vulnerability was found when using an attack like Man-in-the-middle. A person logged in to such a network and using an exploit will be able to intercept and decrypt data transmitted within the network. In addition, when using this "hole", it becomes possible to substitute MAC addresses. Thus, information can be transferred to fake client systems, and this also allows using the resources of a hacked network to attack various web resources without special fear of being detected.
As you can see, the vulnerability is quite serious, and after the exploit is posted on the Web, they are clearly not taken aback by various curious hackers. Unfortunately, before the conference, where the vulnerability will be demonstrated, accurate data on the technology will not be provided.
And here is the source