Jump to content


Photo

How the KRACK attack destroys nearly all Wi-Fi security


  • Please log in to reply
8 replies to this topic

#1 TheSentinel

TheSentinel

    The man in the dark

  • General Admin
  • 30,547 posts

Posted 16 October 2017 - 05:41 PM

How the KRACK attack destroys nearly all Wi-Fi security
Android 6.0 hit especially hard, but all devices are vulnerable.

Sean Gallagher - Oct 16, 2017 3:58 pm UTC

A paper by two Belgian researchers has cast more light on the vulnerabilities discovered in the Wi-Fi Protected Access II (WPA2) implementations on most, if not all, wireless networking devices that use the protocol. Dubbed "KRACK" (Key Reinstallation AttaCK), the attack "abuses design or implementation flaws in cryptographic protocols to reinstall an already-in-use key," wrote Mathy Vanhoef and Frank Piessens of the Katholieke Universiteit Leuven (KU Leuven) in the paper, released today.

Read the full article here:
https://arstechnica....wi-fi-security/

 

 



#2 TheSentinel

TheSentinel

    The man in the dark

  • General Admin
  • 30,547 posts

Posted 16 October 2017 - 05:47 PM

Read in addition also please:
 

 

Serious flaw in WPA2 protocol lets attackers intercept passwords and much more
KRACK attack is especially bad news for Android and Linux users.

Dan Goodin - Oct 16, 2017 4:37 am UTC

Researchers have disclosed a serious weakness in the WPA2 protocol that allows attackers within range of vulnerable device or access point to intercept passwords, e-mails, and other data presumed to be encrypted, and in some cases, to inject ransomware or other malicious content into a website a client is visiting. The proof-of-concept exploit is called KRACK, short for Key Reinstallation Attacks.

More to read:
https://arstechnica....-eavesdropping/

 



#3 TheSentinel

TheSentinel

    The man in the dark

  • General Admin
  • 30,547 posts

Posted 16 October 2017 - 05:48 PM

Another related article:

 

KRACK Attack Devastates Wi-Fi Security
by Michael Mimoso October 16, 2017 , 10:16 am
Categories: Privacy, Vulnerabilities    

The KRACK, or key reinstallation attack, disclosed today allow attackers to decrypt encrypted traffic, steal data and inject malicious code depending on the network configuration.

More:
https://threatpost.c...ecurity/128461/

 



#4 TheSentinel

TheSentinel

    The man in the dark

  • General Admin
  • 30,547 posts

Posted 16 October 2017 - 05:49 PM

Wifi networks are vulnerable to hacking WPA KRACK attack

The KRACK attack allows an attacker to decrypt information included in protected WPA2 traffic. WPA2 standard has been compromised! Boffins have discovered several key management flaws in the core of Wi-Fi Protected Access II (WPA2) protocol that could...

October 16, 2017  By Pierluigi Paganini   Posted In  Breaking News  Hacking  

http://securityaffai...ack-attack.html

 



#5 TheSentinel

TheSentinel

    The man in the dark

  • General Admin
  • 30,547 posts

Posted 16 October 2017 - 06:19 PM

Microsoft has patched Windows against the KRACK Wi-Fi vulnerability -- Google will secure Android soon
By Mark Wycislik-Wilson
2017-10-16

Earlier today, news broke about the KRACK vulnerability that affects the WPA2 protocol. Security researchers have warned that the problem affects millions of devices running everything from Windows to Android and Linux.
Microsoft has announced that it has already released a security patch to fix the vulnerability in Windows. Google says that a patch for affected Android devices will be released "in the coming weeks."

See the full details:
https://betanews.com...ack-wpa2-patch/

 



#6 TheSentinel

TheSentinel

    The man in the dark

  • General Admin
  • 30,547 posts

Posted 16 October 2017 - 06:25 PM

KRACK warning: Severe WPA2 security vulnerability leaves millions of devices open to attack

By Mark Wycislik-Wilson
Published 2017-10-16

A severe security warning has been issued after Belgium researchers managed to exploit a serious vulnerability in the WPA2 wireless protocol.
Known as KRACK (Key Reinstallation Attacks), the vulnerability makes it possible to eavesdrop on Wi-Fi traffic. Millions and millions of devices are at risk -- Windows, Linux, Android and more -- but it is not known whether there is an active exploit in the wild yet. Details about the vulnerability were due to be released at 8:00AM ET (1:00PM BST), but the research paper has now been published early after someone leaked a draft version.

Get more details:
https://betanews.com...-vulnerability/

 



#7 TheSentinel

TheSentinel

    The man in the dark

  • General Admin
  • 30,547 posts

Posted 18 October 2017 - 06:38 PM

One more article about that problem:
 

 

16 Oct 17
What You Should Know About the ‘KRACK’ WiFi Security Weakness

Researchers this week published information about a newfound, serious weakness in WPA2 — the security standard that protects all modern Wi-Fi networks. What follows is a short rundown on what exactly is at stake here, who’s most at-risk from this vulnerability, and what organizations and individuals can do about it.

Have a look at the full article :
https://krebsonsecur...urity-weakness/

 

 



#8 Chachazz

Chachazz

    Is GSF inventory

  • General Admin
  • 36,054 posts

Posted 19 October 2017 - 07:20 PM

Check here if your router vendor is affected and get information about updates:

http://www.kb.cert.o...9&SearchOrder=4

 

Advice from D-Link: "It is highly recommended to use encrypted communications protocols such as VPN or HTTPS, especially when delivering confidential information."



#9 TheSentinel

TheSentinel

    The man in the dark

  • General Admin
  • 30,547 posts

Posted 21 October 2017 - 07:40 PM

Cisco Warns 69 Products Impacted by KRACK
by Tom Spring October 20, 2017 , 7:00 am

Cisco said Wednesday that multiple Cisco wireless products are vulnerable to the recently identified Key Reinstallation Attacks (KRACK).
On Monday, researchers revealed how the KRACK vulnerabilities plagued the WPA2 protocol used to secure all modern Wi-Fi networks. In their report, researchers demonstrated how the KRACK vulnerabilities can be abused to decrypt traffic from enterprise and consumer networks with varying degrees of difficulty.

More details on that:
https://threatpost.c...y-krack/128546/