Announcements > News Articles
KRACK Attack – Internet Panics Over Big Wi-Fi Flaws in WPA2 Security
Bowdon:
https://www.ispreview.co.uk/index.php/2017/10/krack-attack-internet-panics-big-wi-fi-flaws-wpa2-security.html
--- Quote ---Security researchers have revealed bad news for WiFi wireless networks everywhere. Several key management vulnerabilities in the 4-way handshake of the WPA2 security protocol, which helps to keep modern Wireless Local Area Networks (WLAN) secure via encryption, have been found.
Hopefully by now everybody has ensured that their home wireless network and devices are all connected using the latest Wi-Fi Protected Access II (WPA2) method of encryption, which has so far served us all well. The bad news is that a string of new vulnerabilities have been discovered that could result in WPA2 secured networks being decrypted, hijacked and generally abused (it works against both WPA1 and WPA2 – personal and enterprise networks – and against any cipher suite being used like WPA-TKIP, AES-CCMP and GCMP).
As the US Computer Emergency Readiness Team (US-CERT) states, “The impact of exploiting these vulnerabilities includes decryption, packet replay, TCP connection hijacking, HTTP content injection, and others. Note that as protocol-level issues, most or all correct implementations of the standard will be affected.”
The details of all this are due to be published shortly via several vulnerability announcements (CVE-2017-13077, 13078, 13079, 13080, 13081, 13082, 13084, 13086, 13087, 13088) and the collection of flaws are being referred to as KRACK (aka – Key Reinstallation Attacks). A dedicated website has even been setup by the researchers to provide information on the incoming problem – https://www.krackattacks.com.
--- End quote ---
Apparently this is more focused towards Android and the advice is to update the software. Though the problem with androids are the updates dont get rolled out to everyone. I've not had an update in ages on my phone.
sevenlayermuddle:
This does sound like a pretty big issue. :o
But.. From the Beeb’s version, it’s unclear why Android and Linux are in the spotlight. It’s a defect in the standards, so would affect all implementations.
http://www.bbc.co.uk/news/technology-41635516
I can only imagine, maybe Chinese whispers, and a desire to create a good headline...
“It affects routers.”
“What’s a Router, is it a Microsoft thing?”
“No, most are Linux based.”
“What, like Android? So this one affects Linux and Android. Let’s go to print... “
That said, I am confident that Apple will fix iOS and Mac OS if they are affected, but I’ll wait with interest to see how long it will take for Billion to fix my Linux router, Panasonic to fix my Linux TV, etc etc... ::)
Chrysalis:
They will put a fix in a new model so you have to buy the fix, if I could have then I would have move my access point to pfsense but sadly still reliant on propriety kit.
sevenlayermuddle:
I might buy be persuaded a new router, as mine’s about 4 years old. If I were an Android phone user I might be persuaded to buy a new one because they are not that expensive, and ‘new’ always has benefit of new toys.
But I’m not about to replace the big TV that’s screwed to my wall, I regard that as Pananonic’s problem, and one that they should fix, if appropriate.
I’m no lawyer but I strongly suspect, this being an error in the WiFi standards, it would automatically be accepted as a fault that was present when the TV sold, hence subject to the six year coverage of Sale of Goods Act...
Reference to Panasonic is purely as example of course. I have no particular reason to assume their products are affected by this issue other than assumption (they are Linux based) and same issue may affect other consumer goods too, Linux or not. :)
Chrysalis:
my android phone cost more than my tv ;)
Navigation
[0] Message Index
[#] Next page
Go to full version