Topic: KRACK - WPA2 Vulnerability Exposed (Read 9012 times)

TucknDar

KRACK - WPA2 Vulnerability Exposed
« on: October 16, 2017, 01:45 PM »
This subject is beyond me, but I was a little surprised to see that there wasn't a thread on this already...

Researchers have disclosed a serious weakness in the WPA2 protocol that allows attackers within range of vulnerable device or access point to intercept passwords, e-mails, and other data presumed to be encrypted, and in some cases, to inject ransomware or other malicious content into a website a client is visiting.

Some more on this:

https://www.krackattacks.com/

In layman's terms, to an end user, what is the potential harm that can be done, according to the wise world of DC'ers?

Edit: To answer this myself, straight from the source:

We discovered serious weaknesses in WPA2, a protocol that secures all modern protected Wi-Fi networks. An attacker within range of a victim can exploit these weaknesses using key reinstallation attacks (KRACKs). Concretely, attackers can use this novel attack technique to read information that was previously assumed to be safely encrypted. This can be abused to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos, and so on. The attack works against all modern protected Wi-Fi networks. Depending on the network configuration, it is also possible to inject and manipulate data. For example, an attacker might be able to inject ransomware or other malware into websites.

The weaknesses are in the Wi-Fi standard itself, and not in individual products or implementations. Therefore, any correct implementation of WPA2 is likely affected. To prevent the attack, users must update affected products as soon as security updates become available. Note that if your device supports Wi-Fi, it is most likely affected. During our initial research, we discovered ourselves that Android, Linux, Apple, Windows, OpenBSD, MediaTek, Linksys, and others, are all affected by some variant of the attacks. For more information about specific products, consult the database of CERT/CC, or contact your vendor.

The research behind the attack will be presented at the Computer and Communications Security (CCS) conference, and at the Black Hat Europe conference. Our detailed research paper can already be downloaded.

ewemoa

Re: KRACK - WPA2 Vulnerability Exposed
« Reply #1 on: October 16, 2017, 08:20 PM »
Here is some info regarding updates:

  https://www.windowsc...-wi-fi-vulnerability

There is ongoing discussion here:

  https://www.reddit.c...against_android_and/

For the curious, the following has a kind of "description" of how one of the attacks might be carried out:

  https://www.xda-deve...vulnerability-krack/

Deozaan

Re: KRACK - WPA2 Vulnerability Exposed
« Reply #2 on: October 16, 2017, 09:45 PM »
This is pretty terrible for devices that are old enough to no longer be supported by the manufacturer.

I guess I'm going back to WEP. :P

Tuxman

Re: KRACK - WPA2 Vulnerability Exposed
« Reply #3 on: October 17, 2017, 07:15 AM »
Windows is - as always - more secure than that Linux thingy.

Arizona Hot

Re: KRACK - WPA2 Vulnerability Exposed
« Reply #4 on: October 17, 2017, 02:58 PM »

Edvard

KRACK WPA2 Wi-Fi exploit
« Reply #5 on: October 17, 2017, 05:23 PM »
Another day, another exploit, another patch to apply...
Wi-fi security flaw 'puts devices at risk of hacks'
The wi-fi connections of businesses and homes around the world are at risk, according to researchers who have revealed a major flaw dubbed Krack.



from CodeProject News

ewemoa

Re: KRACK - WPA2 Vulnerability Exposed
« Reply #6 on: October 18, 2017, 03:28 AM »
Fun quote at the bottom of the krackattacks page:

So you expect to find other Wi-Fi vulnerabilities?

“I think we're just getting started.”  — Master Chief, Halo 1

The "Assigned CVE Identifiers" section mentioned 10 ids at the time of this writing :)

IainB

Re: KRACK - WPA2 Vulnerability Exposed
« Reply #7 on: October 30, 2017, 05:21 AM »