Main Area and Open Discussion > Living Room

KRACK - WPA2 Vulnerability Exposed

(1/2) > >>

TucknDar:
This subject is beyond me, but I was a little surprised to see that there wasn't a thread on this already...

Researchers have disclosed a serious weakness in the WPA2 protocol that allows attackers within range of vulnerable device or access point to intercept passwords, e-mails, and other data presumed to be encrypted, and in some cases, to inject ransomware or other malicious content into a website a client is visiting.-https://arstechnica.com/information-technology/2017/10/severe-flaw-in-wpa2-protocol-leaves-wi-fi-traffic-open-to-eavesdropping/
--- End quote ---

Some more on this:

https://www.krackattacks.com/

In layman's terms, to an end user, what are the potential harm that can be done, according to the wise world of DC'ers?

Edit: To answer this myself, straight from the source:

We discovered serious weaknesses in WPA2, a protocol that secures all modern protected Wi-Fi networks. An attacker within range of a victim can exploit these weaknesses using key reinstallation attacks (KRACKs). Concretely, attackers can use this novel attack technique to read information that was previously assumed to be safely encrypted.   This can be abused to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos, and so on. The attack works against all modern protected Wi-Fi networks. Depending on the network configuration, it is also possible to inject and manipulate data. For example, an attacker might be able to inject ransomware or other malware into websites.

The weaknesses are in the Wi-Fi standard itself, and not in individual products or implementations. Therefore, any correct implementation of WPA2 is likely affected. To prevent the attack, users must update affected products as soon as security updates become available. Note that if your device supports Wi-Fi, it is most likely affected. During our initial research, we discovered ourselves that Android, Linux, Apple, Windows, OpenBSD, MediaTek, Linksys, and others, are all affected by some variant of the attacks. For more information about specific products, consult the database of CERT/CC, or contact your vendor.

The research behind the attack will be presented at the Computer and Communications Security (CCS) conference, and at the Black Hat Europe conference. Our detailed research paper can already be downloaded.-https://www.krackattacks.com/
--- End quote ---

ewemoa:
Here is some info regarding updates:

  https://www.windowscentral.com/vendors-who-have-patched-krack-wpa2-wi-fi-vulnerability

There is ongoing discussion here:

  https://www.reddit.com/r/linux/comments/76pgz3/krack_attacks_bypassing_wpa2_against_android_and/

For the curious, the following has a kind of "description" of how one of the attacks might be carried out:

  https://www.xda-developers.com/wpa2-wifi-protocol-vulnerability-krack/

Deozaan:
This is pretty terrible for devices that are old enough to no longer be supported by the manufacturer.

I guess I'm going back to WEP. :P

Tuxman:
Windows is - as always - more secure than that Linux thingy.

Arizona Hot:
KRACK - WPA2 Vulnerability Exposed

Microsoft shuts down Krack with sneaky Windows update

Navigation

[0] Message Index

[#] Next page