MrMalone
Stranger
Registered: 10/16/17
Posts: 14
Last seen: 4 years, 1 month
|
KRACK attack renders WPA/WPA2 (WIFI) broken 1
#24720279 - 10/18/17 06:31 PM (6 years, 5 months ago) |
https://www.krackattacks.com/
Looks like a security researcher by the name of Mathy Vanhoef has found a critical exploit with WPA2 security... rendering all of our wireless networks vulnerable. I believe this attack works by exposing a weakness with the four-way handshake the client and the router have to confirm keys, opening ways for a hacker to use a man-in-the-middle attack against you and your private information.
Quote:
The attack works against all modern protected Wi-Fi networks
Seems like shit is going to hit the fan if this isn't fixed anytime soon...
|
Bacchus
Lurker
Registered: 10/10/06
Posts: 914
Loc: ::1
|
Re: KRACK attack renders WPA/WPA2 (WIFI) broken [Re: MrMalone] 1
#24720493 - 10/18/17 07:49 PM (6 years, 5 months ago) |
It's bad but not "hair on fire" bad. By repeating the 3rd packet from the handshake, the clients reuse the absolutely-never-reuse-this nonce. Then, the attacker can work out the state of the PRNG for that specific session between client and AP. The rest of your session will be decryptable. The attacker does not get your wifi password. The attacker does not get the ability to start scanning your network. All of your TLS connections underneath the WPA2 are still safe.
Using a home network with vulnerable clients is safer than going on public wifi with a patched client.
It's an attack against the client, so our wireless routers don't need to be updated. That's fortunate, because most of them have been abandoned by their manufacturers. Just update your phones and computers, and then you'll be fine. If you have a mesh network, then you definitely need to update the firmware to your nodes.
Windows and most Linux distros are already patched. I don't know about Apple. Android is going to be the real problem. So many phones will never see another patch.
-------------------- Living on a no-Flash diet is way easier than you think. Give it a shot.
Edited by Bacchus (10/18/17 07:51 PM)
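Added example, not part of the thread: a Python sketch of why a repeated nonce matters, showing an unpatched client next to a patched one. The `Client` class, the HMAC-SHA256 keystream standing in for WPA2's AES counter mode, the key and the plaintexts are all constructed assumptions for illustration.

```python
import hashlib
import hmac
from collections import Counter

def keystream(key: bytes, pn: int, length: int) -> bytes:
    """Toy counter-mode keystream; HMAC-SHA256 stands in for AES (assumption)."""
    out, block = b"", 0
    while len(out) < length:
        msg = pn.to_bytes(6, "big") + block.to_bytes(2, "big")
        out += hmac.new(key, msg, hashlib.sha256).digest()
        block += 1
    return out[:length]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

class Client:
    """Hypothetical client; reset_on_reinstall=True models the unpatched behaviour."""
    def __init__(self, key: bytes, reset_on_reinstall: bool):
        self.key, self.pn = key, 0
        self.reset_on_reinstall = reset_on_reinstall

    def handle_message3(self) -> None:
        # A replayed handshake message 3 makes an unpatched client reinstall
        # the key it already has and start its packet number (nonce) over.
        if self.reset_on_reinstall:
            self.pn = 0

    def send(self, plaintext: bytes):
        self.pn += 1
        return self.pn, xor(plaintext, keystream(self.key, self.pn, len(plaintext)))

def reused_pns(frames):
    """Defender's check: packet numbers seen more than once under one key."""
    counts = Counter(pn for pn, _ in frames)
    return sorted(pn for pn, n in counts.items() if n > 1)

def run(reset_on_reinstall: bool):
    client = Client(b"constructed-session-key", reset_on_reinstall)
    p1 = b"constructed frame one..."   # sample plaintexts, same length
    p2 = b"constructed frame two!!!"
    f1 = client.send(p1)
    client.handle_message3()            # message 3 arrives a second time
    f2 = client.send(p2)
    # c1 XOR c2 equals p1 XOR p2 only when both frames used the same keystream
    leaked = xor(xor(f1[1], f2[1]), p1) == p2
    return reused_pns([f1, f2]), leaked
```

`run(True)` reports packet number 1 used twice and the second frame recoverable from the first; `run(False)`, the patched behaviour, reports neither.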
|
DieCommie
Registered: 12/11/03
Posts: 29,258
|
Re: KRACK attack renders WPA/WPA2 (WIFI) broken [Re: Bacchus]
#24720506 - 10/18/17 08:01 PM (6 years, 5 months ago) |
Thanks each of you for the news and description.
Where can I read more about this?
|
teknix
Registered: 09/16/08
Posts: 11,953
|
Re: KRACK attack renders WPA/WPA2 (WIFI) broken [Re: DieCommie]
#24720798 - 10/18/17 10:33 PM (6 years, 5 months ago) |
Quote:
DieCommie said: Thanks each of you for the news and description.
Where can I read more about this?
Same, I'm intrigued.
|
MrMalone
Stranger
Registered: 10/16/17
Posts: 14
Last seen: 4 years, 1 month
|
Re: KRACK attack renders WPA/WPA2 (WIFI) broken [Re: teknix]
#24720991 - 10/19/17 01:17 AM (6 years, 5 months ago) |
Quote:
teknix said:
Quote:
DieCommie said: Thanks each of you for the news and description.
Where can I read more about this?
Same, I'm intrigued.
If you go onto the link I gave before, it outlines the general attack, then there's some more comprehensive stuff you can dig for. I think all tech news sites have listed it in pretty good non-jargon detail too. Here's some I found by a quick Google:
WHY THE KRACK WI-FI MESS WILL TAKE DECADES TO CLEAN UP
What You Should Know About the “KRACK” WiFi Security Weakness
and here's a nice little video for your viewing pleasure.
Krack Attacks (WiFi WPA2 Vulnerability) - Computerphile
Happy reading!
|
LightRay
Lord Hubert
Registered: 07/18/17
Posts: 598
Last seen: 5 years, 11 months
|
Re: KRACK attack renders WPA/WPA2 (WIFI) broken [Re: MrMalone]
#24748903 - 10/30/17 11:59 PM (6 years, 4 months ago) |
Isn't WPA2 already easy to break into?
Hackers send a deauth packet to your router and then when you try to reconnect or your devices auto-reconnect they can then capture the handshake and gain access that way.
As I understand it, it's basically looking for the encrypted password and cloning it so the attacker can gain access and this is done by knocking you offline and waiting for the reconnect.
-------------------- The secret to life is to put positive loving energy Into every thought and action you do <3 Be Aware. Believe. Be here now Everything is a reflection of ones self. Of God and you are God. All is conscious. All is consciousness. There is no death, only life. Your mission is to raise your vibration and every one else around you. Open Your Mind!
Edited by LightRay (11/01/17 11:47 AM)
|
Bacchus
Lurker
Registered: 10/10/06
Posts: 914
Loc: ::1
|
Re: KRACK attack renders WPA/WPA2 (WIFI) broken [Re: LightRay]
#24754592 - 11/02/17 01:41 PM (6 years, 4 months ago) |
That was WEP. RC4 was seeded with an initialization vector and the static key. Deauth (and magnified by reinjection) would force new IVs to be sent. The IV space was too small, so an attacker could force an IV reuse in just a few seconds. That allowed the key to be computed.
-------------------- Living on a no-Flash diet is way easier than you think. Give it a shot.
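Added example, not part of the thread: a Python sketch of the WEP construction described in the post above, where RC4 is seeded with a 24-bit IV followed by the static key, and of how quickly such a small IV space repeats. Random per-frame IV selection, the key and the function names are assumptions for illustration.

```python
import math
import random

IV_BITS = 24  # WEP IV length in bits

def rc4_keystream(seed: bytes, length: int) -> bytes:
    """Standard RC4: key scheduling followed by keystream generation."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + seed[i % len(seed)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(length):
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)

def wep_keystream(iv: int, static_key: bytes, length: int) -> bytes:
    # The per-frame RC4 seed is the IV followed by the static key, so two
    # frames that share an IV are encrypted with the same keystream.
    return rc4_keystream(iv.to_bytes(3, "big") + static_key, length)

def collision_probability(frames: int, bits: int = IV_BITS) -> float:
    """Birthday approximation: chance that some IV repeats within `frames` frames."""
    return 1.0 - math.exp(-frames * (frames - 1) / (2 * 2 ** bits))

def frames_until_repeat(rng: random.Random, bits: int = IV_BITS):
    """Draw random IVs (assumed selection policy) until one repeats."""
    seen, count = set(), 0
    while True:
        iv = rng.getrandbits(bits)
        count += 1
        if iv in seen:
            return count, iv
        seen.add(iv)

if __name__ == "__main__":
    key = b"\x01\x02\x03\x04\x05"  # constructed 40-bit static key
    n, iv = frames_until_repeat(random.Random(2017))
    print(f"first repeated IV {iv:06x} after {n} frames")
    print(f"P(repeat within 5000 frames) = {collision_probability(5000):.2f}")
    print(wep_keystream(iv, key, 8).hex())
```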