Severe flaw in WPA2 protocol leaves Wi-Fi traffic open to eavesdropping

Discussion in 'News Editions' started by V_R, Oct 16, 2017.

  1. V_R

    V_R ¯\_(ツ)_/¯ Moderator

    Joined:
    Jan 31, 2005
    Likes Received:
    1,122
    Location:
    127.0.0.1
    This looks to be very serious, especially if you're on Android or Linux.

    https://www.krackattacks.com/

    More:
    https://arstechnica.com/information...l-leaves-wi-fi-traffic-open-to-eavesdropping/
     
    V_R, Oct 16, 2017
    #1
    Taffycat likes this.
    1. Advertisements

  2. V_R

    IceFairyAmy

    Joined:
    Oct 15, 2017
    Likes Received:
    0
    Location:
    England
    Wow this is pretty bad, hopefully things get patched up at some point...
     
    IceFairyAmy, Oct 16, 2017
    #2
    1. Advertisements

  3. V_R

    Ian Administrator

    Joined:
    Feb 23, 2002
    Likes Received:
    700
    Damn, it seems that everything has known vulnerabilities at this point :eek:. First Blueborne, now this.

    I wonder how long it'll take to get patches for routers, etc... out there.
     
    Ian, Oct 16, 2017
    #3
  4. V_R

    V_R ¯\_(ツ)_/¯ Moderator

    Joined:
    Jan 31, 2005
    Likes Received:
    1,122
    Location:
    127.0.0.1
    V_R, Oct 17, 2017
    #4
    Ian likes this.
  5. V_R

    V_R ¯\_(ツ)_/¯ Moderator

    Joined:
    Jan 31, 2005
    Likes Received:
    1,122
    Location:
    127.0.0.1
     
    V_R, Oct 17, 2017
    #5
  6. V_R

    Ian Administrator

    Joined:
    Feb 23, 2002
    Likes Received:
    700
    That looked surprisingly easy, and quick to do :eek:.

    It looks like it would have to be a targeted attack though, and I don't connect to any WiFi I don't own or know well (i.e. not in hotels, cafes etc...) - so steps like that should hopefully help.

    At least Samsung will have a patch out in 2019 :rolleyes:.
     
    Ian, Oct 17, 2017
    #6
  7. V_R

    V_R ¯\_(ツ)_/¯ Moderator

    Joined:
    Jan 31, 2005
    Likes Received:
    1,122
    Location:
    127.0.0.1
    Yeah I rarely use public WiFi now anyway, even less so now...

    On the plus side it seems its a simple fix, but as you say its how long it takes for manufacturers to release said fix! *cough*Samsung*cough*

    I wonder what will happen to all the Android devices that are old and EOL, i doubt they will ever get patched as they don't even get the usual security updates after a while. That's the down side to Android and where Apple and iOS devices have a big advantage - the fragmentation.


    Edit: Ubiquiti have/are patching it as we speak: https://community.ubnt.com/t5/UniFi...37-for-UAP-USW-has-been-released/ba-p/2099365
     
    V_R, Oct 17, 2017
    #7
  8. V_R

    Ian Administrator

    Joined:
    Feb 23, 2002
    Likes Received:
    700
    This is an area where I'd love to see legislation - i.e. manufacturers are force to support devices for up to x number of years for critical security flaws. Otherwise, we're going to churn through hardware or run insecure devices.
     
    Ian, Oct 17, 2017
    #8
  9. V_R

    Captain Jack Sparrow New Cruncher

    Joined:
    Jul 1, 2007
    Likes Received:
    97
    Location:
    On the Black Pearl
    Does this affect Wi-Fi hardware in general or the WPA2 protocol?

    The reason I ask is because WPA2 comes in two flavours - WPA2-PSK and WPA2-Enterprise.

    WPA2-PSK uses a simple password for all devices. That's vulnerable by nature and can be easily hacked.

    I personally use WPA2-Enterprise, which uses machine certificates to authenticate without needing a password. Additional Active Directory username and password authentication can also be implemented where required. Wouldn't this be much more complex to hack?

    - Capt. Jack Sparrow.
     
    Captain Jack Sparrow, Oct 17, 2017
    #9
  10. V_R

    V_R ¯\_(ツ)_/¯ Moderator

    Joined:
    Jan 31, 2005
    Likes Received:
    1,122
    Location:
    127.0.0.1
    Great video explaining the issue.

     
    V_R, Oct 18, 2017
    #10
    1. Advertisements

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.
Similar Threads
  1. Ian
    Replies:
    4
    Views:
    3,351
    ChristopherP
    Jun 20, 2005
  2. Quadophile
    Replies:
    2
    Views:
    1,431
  3. Ian

    Adobe fixes critical Flash flaw

    Ian, Jun 14, 2010, in forum: News Editions
    Replies:
    4
    Views:
    6,253
    muckshifter
    Jun 14, 2010
  4. Becky

    LastPass security flaw identified

    Becky, Mar 30, 2017, in forum: News Editions
    Replies:
    0
    Views:
    626
    Becky
    Mar 30, 2017
  5. Becky
    Replies:
    5
    Views:
    689
    Becky
    Apr 12, 2017
Loading...