January 24, 2018

All Wi-Fi devices exposed by "devastating" WPA2 exploit

16 October 2017, 05:22 | Bibiana Flor

Severe flaw in WPA2 protocol leaves Wi-Fi traffic open to eavesdropping


The KRACK (key reinstallation attacks) research claims this weakness could be used not only to intercept data travelling between your phone and the Wi-Fi access point, such as passwords and credit card numbers, but also to inject malicious software into websites. According to a security researcher who spoke to Ars Technica, hackers can compromise the encryption around Wi-Fi traffic by manipulating how the key that encrypts that traffic is established.

To protect your device from cybercriminals, install the latest security updates as soon as they become available. This means that, while routers may be vulnerable, the priority for users will be to update clients, such as laptops, smartphones, IoT devices and the like.

"The impact of exploiting these vulnerabilities includes decryption, packet replay, TCP connection hijacking, HTTP content injection, and others", US-CERT warned vendors on August 28.

To minimize connection problems, the WPA and WPA2 standards let the router transmit the one-time key as many as three times if it does not receive an acknowledgement from the client device that the one-time key was received.

As a quick WPA refresher, the password you type in to connect to an access point using WPA2 is not directly used as the encryption key for the network traffic your device exchanges with the access point. An attacker needs to be within Wi-Fi range of a smartphone or laptop to attack it.

While this encryption key is meant to be unique, the WPA2 protocol allows an attacker to manipulate the handshake and reuse a key, as Vanhoef discovered.
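Why a retransmitted handshake message leads to key reuse, and what a patched client does differently, shown as an added example that is not from the article or from Vanhoef's research code. The `Client` class, the SHA-256 toy keystream (standing in for the real WPA2 cipher) and the sample key and plaintexts are constructed for illustration.

```python
import hashlib

def keystream(key, nonce, n):
    """Toy keystream derived from (key, nonce); a stand-in for the WPA2 cipher."""
    out, block = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce.to_bytes(8, "big") + block.to_bytes(4, "big")).digest()
        block += 1
    return out[:n]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

class Client:
    """Simplified Wi-Fi client that installs the session key on handshake message 3."""
    def __init__(self, hardened):
        self.hardened = hardened
        self.key = None
        self.nonce = 0
        self.used = []  # every (key, nonce) pair that encrypted a frame

    def on_message3(self, key):
        # Patched behaviour: a retransmitted message 3 carrying the key that is
        # already installed must not reinstall it.
        if self.hardened and key == self.key:
            return
        self.key = key
        self.nonce = 0  # installing a key resets the packet counter

    def send(self, plaintext):
        self.nonce += 1
        self.used.append((self.key, self.nonce))
        return xor(plaintext, keystream(self.key, self.nonce, len(plaintext)))

def run(hardened):
    """Return (nonce_reused, ciphertexts_leak_plaintext_xor) for one session."""
    p1, p2 = b"GET /account", b"POST /login "  # constructed sample frames
    key = b"constructed-session-key"
    c = Client(hardened)
    c.on_message3(key)
    ct1 = c.send(p1)
    c.on_message3(key)  # access point retransmits message 3
    ct2 = c.send(p2)
    reused = len(set(c.used)) < len(c.used)
    # With a repeated keystream, ct1 XOR ct2 equals p1 XOR p2: the key cancels out.
    return reused, xor(ct1, ct2) == xor(p1, p2)

if __name__ == "__main__":
    print("unpatched:", run(False))
    print("patched:  ", run(True))
```

The same `used` bookkeeping works as a regression check: any client implementation that ever records a duplicate (key, nonce) pair has reinstalled a key.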

Vanhoef wrote: "The attack works against all modern protected Wi-Fi networks". The key reinstallation attack is "exceptionally devastating" against Linux and Android 6.0, he notes.

A staggering number of devices across the globe are likely to be exposed to attack due to the WPA2 breach, which occurred at 7 a.m. EDT Sunday.

This morning everyone is waking up to discover their Wi-Fi security is vulnerable to attack. Multiple vendors have already issued patches to fix the issues.

Vanhoef says his findings center on 10 specific flaws, each of which has been assigned a Common Vulnerabilities and Exposures identifier to help track affected products.

Furthermore, this is primarily an attack against clients, that is, devices connected to a network, not routers. So, nearly every Wi-Fi network could have been compromised.

Although Vanhoef suggests that the attack is most impactful against the four-way handshake, the same exploit can also be employed against the group key, PeerKey, TDLS and Fast BSS Transition handshakes.

"Until the issue is fixed via a router firmware update - if possible - or WPA2 is superseded, everyone should adopt an additional level of caution when sending sensitive information to online servers", he said. On Sunday, the United States Computer Emergency Readiness Team (US-CERT) issued a warning that it had become aware of various management issues in the four-way handshake of the Wi-Fi Protected Access II (WPA2) security protocol.

However, it may be hard to update some older Wi-Fi routers. "This creates an encrypted tunnel between your device and a VPN server which then routes you onto whatever website or app you are trying to access".
