Wi-Fi has been hacked

Newsfeed

Newsfeed

MyBroadband Newsfeed
Staff member
Joined
Jun 28, 2017
Messages
6,805
Reaction score
648
Wi-Fi has been hacked

Security researchers will release a proof-of-concept attack on the Wi-Fi Protected Access II (WPA2) protocol today, which lets attackers eavesdrop on traffic between devices and access points, reported Ars Technica.
 
Another reason why one should use wi-fi only for mobility and not in any situation where good old fashioned wired connections are possible.
 
So is this all devices that allow it or only some?
 
Oh gosh! This is not good.

Luckily my entire infrastructure is Ubiquity so they should be on top of it once it is announced.
 
Hmm, how can they get past the AES encryption, or does the keys get exchanged during the handshake, in that case this is a huge exploit....
 
FaSMaN said:
Hmm, how can they get past the AES encryption, or does the keys get exchanged during the handshake, in that case this is a huge exploit....
Click to expand...

You will not get the actual password, but easily hijack a Wi-Fi connection and be connected to the Wi-Fi. A lot more can be done.
Lot will put MAC Address filtering but that can be spoof/faked. So yes most are doomed:D.

My Home Wifi Is fully secured, uses private/public key manually with AES Encryption. Pain in the ass to setup but I expected this day to come. Time to send emails 'I TOLD YOU SO'.
 
this has been around for a while, but making things public usually takes some time
 
More information, and speculation, over at Reddit:
https://www.reddit.com/r/sysadmin/comments/76lj5q/this_is_a_core_protocollevel_flaw_in_wpa2_wifi/

Any news from Telkom, Rain, Mweb about updates to their devices?

Vendors (overseas) were informed in August.
https://twitter.com/kennwhite/status/919654056137756672

patches have already been released by some vendors, but they're workarounds at best. This is a protocol design flaw.
Click to expand...
https://twitter.com/kennwhite/status/919745625729708032

Lovely quote :-/
flaw in the 4-way handshake. As I understand it, in many cases, this will be: "Throw your router away and buy a new one."
Click to expand...
https://twitter.com/kennwhite/status/919525719927087104
 
Will device isolation at least stop LAN attacks on connected devices? Hope so.
 
What if there are no security updates for my router?

Our main attack is against the 4-way handshake, and does not exploit access points, but instead targets clients. So it might be that your router does not require security updates. We strongly advise you to contact your vendor for more details. In general though, you can try to mitigate attacks against routers and access points by disabling client functionality (which is for example used in repeater modes) and disabling 802.11r (fast roaming). For ordinary home users, your priority should be updating clients such as laptops and smartphones.
Click to expand...

Because Android uses wpa_supplicant, Android 6.0 and above also contains this vulnerability. This makes it trivial to intercept and manipulate traffic sent by these Linux and Android devices. Note that currently 41% of Android devices are vulnerable to this exceptionally devastating variant of our attack.
Click to expand...

https://www.krackattacks.com/
 
You must log in or register to reply here.
Back
Top
Sign up to the MyBroadband newsletter
X