WTF ... IS WTF!?
We are a collective of people who believe in freedom of speech, the rights of individuals, and free pancakes! We share our lives, struggles, frustrations, successes, joys, and prescribe to our own special brand of humor and insanity. If you are looking for a great place to hang out, make new friends, find new nemeses, and just be yourself, WTF.com is your new home.

'All wifi networks' are vulnerable to hacking, security expert discovers

Jason

Voorhees a jolly good fellow!
Founder
6,866
5,114
537
The security protocol used to protect the vast majority of wifi connections has been broken, potentially exposing wireless internet traffic to malicious eavesdroppers and attacks, according to the researcher who discovered the weakness.

Mathy Vanhoef, a security expert at Belgian university KU Leuven, discovered the weakness in the wireless security protocol WPA2, and published details of the flaw on Monday morning.

“Attackers can use this novel attack technique to read information that was previously assumed to be safely encrypted,” Vanhoef’s report said. “This can be abused to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos and so on.

Vanhoef emphasised that the attack works against all modern protected wifi networks. Depending on the network configuration, it is also possible to inject and manipulate data. For example, an attacker might be able to inject ransomware or other malware into websites.”

The vulnerability affects a number of operating systems and devices, the report said, including Android, Linux, Apple, Windows, OpenBSD, MediaTek, Linksys and others.

“If your device supports wifi, it is most likely affected,” Vanhoef wrote. “In general, any data or information that the victim transmits can be decrypted … Additionally, depending on the device being used and the network setup, it is also possible to decrypt data sent towards the victim (e.g. the content of a website).”

Vanhoef gave the weakness the codename Krack, short for Key Reinstallation AttaCK.

Britain’s National Cyber Security Centre said in a statement it was examining the vulnerability. “Research has been published today into potential global weaknesses to wifi systems. The attacker would have to be physically close to the target and the potential weaknesses would not compromise connections to secure websites, such as banking services or online shopping.

“We are examining the research and will be providing guidance if required. Internet security is a key NCSC priority and we continuously update our advice on issues such as wifi safety, device management and browser security.”

The United States Computer Emergency Readiness Team (Cert) issued a warning on Sunday in response to the vulnerability.

“The impact of exploiting these vulnerabilities includes decryption, packet replay, TCP connection hijacking, HTTP content injection and others,” the alert says, detailing a number of potential attacks. It adds that, since the vulnerability is in the protocol itself, rather than any specific device or software, “most or all correct implementations of the standard will be affected”.

The development is significant because the compromised security protocol is the most secure in general use to encrypt wifi connections. Older security standards have been broken in the past, but on those occasions a successor was available and in widespread use.

Want to learn more? Source: The Guardian
 
  • Helpful
Reactions: -=iNsANe=-ADJ

BRiT

CRaZY
Founder
11,915
7,471
637
For those not paying attention, patching your Router will not help (it only fixes their Client behavior in wireless extender mode), as it's the clients that are vulnerable, so all your tablets, phones, laptops, computers, and wireless appliances need to be patched. This brings new meaning to firmware updates for @Jane Deere , @Danni , @Stardust and @BudVugger 's wireless sex toys.
 

Jane Deere

CEO at Janer's Garage
Staff
9,599
5,972
387
For those not paying attention, patching your Router will not help (it only fixes their Client behavior in wireless extender mode), as it's the clients that are vulnerable, so all your tablets, phones, laptops, computers, and wireless appliances need to be patched. This brings new meaning to firmware updates for @Jane Deere , @Danni , @Stardust and @BudVugger 's wireless sex toys.
I'll have to share this with my husband to get help. OMG. I JUST REALIZED THIS COMMENT WAS FOR MY SEX TOYS! (all battery powered. I'm good. Hehe)
 
Last edited: