Severe flaw in WPA2 protocol leaves Wi-Fi traffic open to eavesdropping

Discussion in 'News Editions' started by V_R, Oct 16, 2017.

  1. V_R

    V_R ¯\_(ツ)_/¯ Moderator

    Joined:
    Jan 31, 2005
    Likes Received:
    1,328
    Location:
    127.0.0.1
    This looks to be very serious, especially if you're on Android or Linux.

    https://www.krackattacks.com/

    More:
    https://arstechnica.com/information...l-leaves-wi-fi-traffic-open-to-eavesdropping/
     
    V_R, Oct 16, 2017
    #1
    Taffycat likes this.
    1. Advertisements

  2. V_R

    IceFairyAmy

    Joined:
    Oct 15, 2017
    Likes Received:
    0
    Location:
    England
    Wow this is pretty bad, hopefully things get patched up at some point...
     
    IceFairyAmy, Oct 16, 2017
    #2
    1. Advertisements

  3. V_R

    Ian Administrator

    Joined:
    Feb 23, 2002
    Likes Received:
    840
    Damn, it seems that everything has known vulnerabilities at this point :eek:. First Blueborne, now this.

    I wonder how long it'll take to get patches for routers, etc... out there.
     
    Ian, Oct 16, 2017
    #3
  4. V_R

    V_R ¯\_(ツ)_/¯ Moderator

    Joined:
    Jan 31, 2005
    Likes Received:
    1,328
    Location:
    127.0.0.1
    V_R, Oct 17, 2017
    #4
    Ian likes this.
  5. V_R

    V_R ¯\_(ツ)_/¯ Moderator

    Joined:
    Jan 31, 2005
    Likes Received:
    1,328
    Location:
    127.0.0.1
     
    V_R, Oct 17, 2017
    #5
  6. V_R

    Ian Administrator

    Joined:
    Feb 23, 2002
    Likes Received:
    840
    That looked surprisingly easy, and quick to do :eek:.

    It looks like it would have to be a targeted attack though, and I don't connect to any WiFi I don't own or know well (i.e. not in hotels, cafes etc...) - so steps like that should hopefully help.

    At least Samsung will have a patch out in 2019 :rolleyes:.
     
    Ian, Oct 17, 2017
    #6
  7. V_R

    V_R ¯\_(ツ)_/¯ Moderator

    Joined:
    Jan 31, 2005
    Likes Received:
    1,328
    Location:
    127.0.0.1
    Yeah I rarely use public WiFi now anyway, even less so now...

    On the plus side it seems its a simple fix, but as you say its how long it takes for manufacturers to release said fix! *cough*Samsung*cough*

    I wonder what will happen to all the Android devices that are old and EOL, i doubt they will ever get patched as they don't even get the usual security updates after a while. That's the down side to Android and where Apple and iOS devices have a big advantage - the fragmentation.


    Edit: Ubiquiti have/are patching it as we speak: https://community.ubnt.com/t5/UniFi...37-for-UAP-USW-has-been-released/ba-p/2099365
     
    V_R, Oct 17, 2017
    #7
  8. V_R

    Ian Administrator

    Joined:
    Feb 23, 2002
    Likes Received:
    840
    This is an area where I'd love to see legislation - i.e. manufacturers are force to support devices for up to x number of years for critical security flaws. Otherwise, we're going to churn through hardware or run insecure devices.
     
    Ian, Oct 17, 2017
    #8
  9. V_R

    Captain Jack Sparrow Anti-cryptominer

    Joined:
    Jul 1, 2007
    Likes Received:
    104
    Location:
    On the Black Pearl
    Does this affect Wi-Fi hardware in general or the WPA2 protocol?

    The reason I ask is because WPA2 comes in two flavours - WPA2-PSK and WPA2-Enterprise.

    WPA2-PSK uses a simple password for all devices. That's vulnerable by nature and can be easily hacked.

    I personally use WPA2-Enterprise, which uses machine certificates to authenticate without needing a password. Additional Active Directory username and password authentication can also be implemented where required. Wouldn't this be much more complex to hack?

    - Capt. Jack Sparrow.
     
    Captain Jack Sparrow, Oct 17, 2017
    #9
  10. V_R

    V_R ¯\_(ツ)_/¯ Moderator

    Joined:
    Jan 31, 2005
    Likes Received:
    1,328
    Location:
    127.0.0.1
    Great video explaining the issue.

     
    V_R, Oct 18, 2017
    #10
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.