Austin, Texas - July 29, 2010 - The Wi-Fi Alliance takes seriously any reports of security concerns on Wi-Fi networks. Because the full details of the "Hole 196" attack were not provided for adequate industry scrutiny, further study is needed. However, the exploit, which leverages a technique called ARP* Spoofing, is clearly based on a long-standing and well-understood vulnerability that exists on wired and wireless networks alike. ARP Spoofing does not recover keys for Wi-Fi's WPA2-AES or WPA-TKIP encryption, and is possible only when explicitly authorized network users abuse their access.
We encourage IT administrators to carefully monitor who is granted access to their networks.
As more information becomes available regarding the purported issue, it will be subjected to the same review and evaluation the Wi-Fi Alliance provides to any security-related topic.
*ARP: Address Resolution Protocol