January 18, 2019

All Wi-Fi devices exposed by "devastating" WPA2 exploit

16 October 2017, 05:22 | Bibiana Flor

The KRACK (key reinstallation attacks) research claims this weakness could be used not only to intercept data travelling between your phone and the Wi-Fi access point, such as passwords and credit card numbers, but also to inject malicious software into websites. According to a security researcher who spoke to Ars Technica, hackers can compromise the encryption around Wi-Fi traffic by manipulating how the key for encrypting such traffic is established.

To protect your device from cybercriminals, update your system as soon as the latest security updates are available. This means that, while routers may be vulnerable, the priority for users will be to update clients, such as laptops, smartphones, IoT devices and the like.

"The impact of exploiting these vulnerabilities includes decryption, packet replay, TCP connection hijacking, HTTP content injection, and others", US-CERT warned vendors on August 28.

To minimize connection problems, the WPA and WPA2 standards let the router transmit the one-time key as many as three times if it does not receive an acknowledgement from the client device that the one-time key was received.

As a quick WPA refresher, the password you type in to connect to an access point using WPA2 is not directly used as the encryption key for the network traffic your device exchanges with the access point. An attacker needs to be within Wi-Fi range of a smartphone or laptop to attack it.

While this encryption key is meant to be unique, the WPA2 protocol allows an attacker to manipulate the handshake and reuse a key, as Vanhoef discovered.
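The retransmission and key-reuse behaviour described above can be modelled in a few lines. This is an added example, not code from the researchers or any vendor: the `Client` class, the toy HMAC-based keystream (a stand-in for the real cipher) and the sample plaintexts are all constructed assumptions. It shows that a client which reinstalls an already-installed key restarts its packet counter and so encrypts two packets with the same keystream, while a client that ignores the repeated key does not.

```python
import hashlib
import hmac

def keystream(key: bytes, nonce: int, length: int) -> bytes:
    # Toy keystream (assumption): HMAC-SHA256 in counter mode stands in for CCMP's AES-CTR.
    out, block = b"", 0
    while len(out) < length:
        msg = nonce.to_bytes(8, "big") + block.to_bytes(4, "big")
        out += hmac.new(key, msg, hashlib.sha256).digest()
        block += 1
    return out[:length]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

class Client:
    def __init__(self, patched: bool):
        self.patched = patched
        self.key = None
        self.nonce = 0        # per-packet counter, must never repeat under one key
        self.seen = set()     # (key, nonce) pairs already used for encryption
        self.reused = []      # nonces that were used twice with the same key

    def on_key_message(self, key: bytes) -> None:
        # Called for the handshake message that delivers the key, including retransmissions.
        if self.patched and key == self.key:
            return            # key already installed: keep the counter running
        self.key, self.nonce = key, 0   # (re)installing resets the counter

    def send(self, plaintext: bytes) -> bytes:
        self.nonce += 1
        if (self.key, self.nonce) in self.seen:
            self.reused.append(self.nonce)
        self.seen.add((self.key, self.nonce))
        return xor(plaintext, keystream(self.key, self.nonce, len(plaintext)))

# Constructed sample data, not captured traffic.
KEY = hashlib.sha256(b"constructed session key").digest()
P1, P2 = b"GET /login HTTP/1.1", b"user=alice&pw=hunter"

def run(patched: bool):
    client = Client(patched)
    client.on_key_message(KEY)
    c1 = client.send(P1)
    client.on_key_message(KEY)   # retransmitted key message arrives
    c2 = client.send(P2)
    return client.reused, c1, c2

if __name__ == "__main__":
    for patched in (False, True):
        reused, c1, c2 = run(patched)
        print(patched, reused, xor(c1, c2) == xor(P1, P2))
```

When the counter repeats, XOR-ing the two ciphertexts cancels the keystream and leaves the XOR of the two plaintexts, which is why updating clients so they refuse to reinstall a key closes the hole.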

Vanhoef wrote: "The attack works against all modern protected Wi-Fi networks". The key reinstallation attack is "exceptionally devastating" against Linux and Android 6.0, he notes.

A staggering number of devices across the globe are likely to be exposed to attack due to the WPA2 breach, which occurred at 7 a.m. EDT Sunday.

This morning everyone is waking up to discover their Wi-Fi security is vulnerable to attack. Multiple vendors have already issued patches to fix the issues.

Vanhoef says his findings center on 10 specific flaws, each of which has been assigned a Common Vulnerabilities and Exposures identifier to help track affected products.

Furthermore, this is primarily an attack against clients, that is, devices connected to a network, not routers. So, nearly every Wi-Fi network could have been compromised.

Although Vanhoef suggests that the attack is most impactful against the four-way handshake, the same exploit can also be employed against the group key, PeerKey, TDLS and Fast BSS Transition handshakes.

"Until the issue is fixed via a router firmware update - if possible - or WPA2 is superseded, everyone should adopt an additional level of caution when sending sensitive information to online servers", he said. On Sunday, the United States Computer Emergency Readiness Team (US-CERT) issued a warning that the organization has stumbled upon various management issues in the 4-way handshake of the Wi-Fi Protected Access II (WPA2) security protocol.

However, it may be hard to update some older Wi-Fi routers. "This creates an encrypted tunnel between your device and a VPN server which then routes you onto whatever website or app you are trying to access".
