ASUS TUF Gaming B760-PLUS WIFI D4 review
Netac NV7000 2 TB NVMe SSD Review
ASUS GeForce RTX 4080 Noctua OC Edition review
MSI Clutch GM51 Wireless mouse review
ASUS ROG STRIX B760-F Gaming WIFI review
Asus ROG Harpe Ace Aim Lab Edition mouse review
SteelSeries Arctis Nova Pro Headset review
Ryzen 7800X3D preview - 7950X3D One CCD Disabled
MSI VIGOR GK71 SONIC Blue keyboard review
AMD Ryzen 9 7950X3D processor review
Extensive Vulnerability Discovered with WIFI WPA2 Security
Belgian investigators found a serious leak in the WPA2 security standard, WPA2 is commonly used to protect most Wi-Fi networks. The vulnerability was detailed by the Belgian researchers Mathy Vanhoef and Frank Piessens and was labeled as Key Reinstallation Attacks, short for KRACK.
The vulnerability allows criminals to hack into a password-protected network. For example, Internet traffic can be listened to. Some versions of the WPA2 protocol can even send malicious traffic to connected devices.Currently from the looks of it mostly Linux and Android devices seem to be the most effected.
In their paper (pdf), researchers say that "each wifi device is vulnerable to one of the variant an attacks". Android version 6.0 and newer devices are more vulnerable, because of an secondary bug in the operating system. "This makes it easy to intercept and manipulate traffic." The affected Android versions are about half of all Android devices that are in use worldwide. Google will be launching an Android update on November 6th. However, older devices do not get the latest security updates anymore and are likely to be vulnerable.
In the attack the encryption of a WPA2 connection is simply bypassed. This happens through an error in the handshake inbetween the devices and the Wi-Fi router. The discovery means that in theory all routers are as vulnerable as completely unsecured networks.
The leak can be diverted by making reuse of encryption keys impossible in the authentication process, according to the article of the researchers. An update can be made on the Wi-Fi router, or in the devices that are connected to it. If one of the two has a security update, the hack is no longer working.
It is advised that you currently first update the devices that connect to the network and then the network.
More info can be found here: https://www.krackattacks.com via nu.nl
Biffo
Member
Posts: 66
Joined: 2011-11-17
Member
Posts: 66
Joined: 2011-11-17
#5482216 Posted on: 10/16/2017 02:55 PM
Routers under Windows will be safe against this exploitation since most lock up for 24hrs after so many failed attempts plus no hacker gonna wait around for months or years till all the keys are decrypted.
Routers under Windows will be safe against this exploitation since most lock up for 24hrs after so many failed attempts plus no hacker gonna wait around for months or years till all the keys are decrypted.
sammarbella
Senior Member
Posts: 3929
Joined: 2014-12-09
Senior Member
Posts: 3929
Joined: 2014-12-09
#5482217 Posted on: 10/16/2017 02:55 PM
Don't worry that's only some billion devices affected...
researchers say that "each wifi device is vulnerable to one of the variant an attacks". Android version 6.0 and newer devices are more vulnerable, because of an secondary bug in the operating system. "This makes it easy to intercept and manipulate traffic." The affected Android versions are about half of all Android devices that are in use worldwide. Google will be launching an Android update on November 6th. However, older devices do not get the latest security updates anymore and are likely to be vulnerable.
Don't worry that's only some billion devices affected...
rl66
Senior Member
Posts: 3604
Joined: 2007-05-31
Senior Member
Posts: 3604
Joined: 2007-05-31
#5482232 Posted on: 10/16/2017 03:57 PM
Belgian investigators found a serious leak in the WPA2 security standard, WPA2 is commonly used to protect most Wi-Fi networks. The vulnerability was detailed by the Belgian researchers Mathy Vanhoe...
Extensive Vulnerability Discovered with WIFI WPA2 Security
yes Lilux sound better
... don't worry we understand typonese too.
More seriously most wireless system are just like a big door with "come in, it's open" written on it.
but despite that people want more of it, even in their car and in their credit card (btw 1st version of pay without touch were making card detected by bt/wifi sniffer ... imagine how security is taken seriously ...
)
Belgian investigators found a serious leak in the WPA2 security standard, WPA2 is commonly used to protect most Wi-Fi networks. The vulnerability was detailed by the Belgian researchers Mathy Vanhoe...
Extensive Vulnerability Discovered with WIFI WPA2 Security
yes Lilux sound better
... don't worry we understand typonese too.More seriously most wireless system are just like a big door with "come in, it's open" written on it.
but despite that people want more of it, even in their car and in their credit card (btw 1st version of pay without touch were making card detected by bt/wifi sniffer ... imagine how security is taken seriously ...
)
schmidtbag
Senior Member
Posts: 7236
Joined: 2012-11-10
Senior Member
Posts: 7236
Joined: 2012-11-10
#5482248 Posted on: 10/16/2017 04:55 PM
Unlike OS or software specific security issues, this is not something that should be made widely known. Most people who use WPA2 are not able to opt for something else or update their device in a useful way. So, I feel like Vanhoef and Piessens have just put waaaay more people at risk than they were before their discovery.
Think of it like this:
Imagine someone brings a backpack with a bomb in it in a shopping mall, and just leaves the backpack in the middle of the mall. Then an announcement is made that this backpack has a weapon in it. By letting everyone know that there is something deadly in that backpack, it dramatically increases the probability of someone with malicious intent from using it, possibly before security can diffuse the situation. If the announcement was never made, sure, somebody would've figured it out eventually, but the probability of the weapon being used would be dramatically decreased.
So the fact of the matter is, the situation was insecure no matter what, but because an announcement was made, that just made things a whole lot worse.
Unlike OS or software specific security issues, this is not something that should be made widely known. Most people who use WPA2 are not able to opt for something else or update their device in a useful way. So, I feel like Vanhoef and Piessens have just put waaaay more people at risk than they were before their discovery.
Think of it like this:
Imagine someone brings a backpack with a bomb in it in a shopping mall, and just leaves the backpack in the middle of the mall. Then an announcement is made that this backpack has a weapon in it. By letting everyone know that there is something deadly in that backpack, it dramatically increases the probability of someone with malicious intent from using it, possibly before security can diffuse the situation. If the announcement was never made, sure, somebody would've figured it out eventually, but the probability of the weapon being used would be dramatically decreased.
So the fact of the matter is, the situation was insecure no matter what, but because an announcement was made, that just made things a whole lot worse.
Click here to post a comment for this news story on the message forum.
Senior Member
Posts: 214
Joined: 2014-06-11
KRACK ATTACK!