Every Wi-Fi network vulnerable to new hack, researchers find (+ Video: An attack demo)

Discussion in 'Networking and Security' started by gwb-trading, Oct 16, 2017.

  1. gwb-trading

    gwb-trading

    Every Wi-Fi network vulnerable to new hack, researchers find (+ Video: An attack demo)
    http://wraltechwire.com/every-wi-fi...earchers-find-video-an-attack-demo-/17019880/

    If you utilize a Wi-Fi network, you are vulnerable to being hacked even when utilizing passwords and encryption, according to researchers in the U.K.

    The hack attack is called "Krack." And it's very dangerous.

    “It seems to affect all Wi-Fi networks, it’s a fundamental flaw in the underlying protocol, even if you’ve done everything right [your security] is broken,” Alan Woodward of the University of Surrey’s Center for Cyber Security told the London Telegraph.

    Standard security procedures won't work, either. Changing passwords, for example, is not a sufficient step.

    (More at above url)

    Detailed info:
    Key Reinstallation Attacks
    Breaking WPA2 by forcing nonce reuse
    https://www.krackattacks.com/
     
  2. Incredible,it never stops.


    End of video says to update all your WiFi devices to avoid this hack. What update version would that be,as we know some companies are slow to update with the latest update.
     
  3. Truth_

    Truth_

    LINUX {the Debian variants, Ubuntu, Mint, etc. } issued a patch for this vulnerability today.

    Suggest a check for updates manually on a daily basis and would disable wifi for any phone, tablet, desktop, until patched.

    The article linked in the OP lists the CVE numbers of the defect. Be sure that what you update is for those specific defects and not the many others found in mainstream products.

    One of the many reasons I do not have a so called "smart" phone. The box I trade from has wifi disabled and connects with RJ45 cable.

    The vulnerability of smart phones is staggering in view of the fact that many people put their most intimate moments on the devices. Given the whole concept of risk versus reward, traders should have that nailed down in all aspects of their lives.
     
    777 and ThunderThor like this.
  4. Vertex

    Vertex

    Well for once windows 10 is an advantage (maybe). MS claims they already patched this with the Oct. 10th updates. link

    I don't know if having only one end of the connection patched actually blocks the attack. Is a patched W10 machine safe connected to an unpatched router/access point? Is an unpatched device safe if connected to a patched router/access point?

    If every device has to be patched, there are a gazillion old android devices around that will never get patched.

    BleepingComputer is maintaining a list of major manufacturers that have released updates. Link
     
  5. DeltaRisk

    DeltaRisk

    I've actually got a private company managing my usage, and I still got leaked.

    Proprietary information is probably the main target, but what is there to do?
    I got hacked a year ago.
     
  6. Turveyd

    Turveyd

    I don't put any Debit Card or account info on my PC / Phones, so getting hacked doesn't worry me thankfully, it's the only way to be remotely safe.
     
  7. maxpi

    maxpi

    I deleted banking apps and any apps used for purchases from the wifi devices, they've patched Win10 already and hopefully they will patch Win7 real soon. IoS devices and many routers will never be patched, consumers will have to upgrade them.
     
  8. Overnight

    Overnight

    The one comfort we can take away from this is multi-faceted...

    A.) Do not do anything on an app with usernames/passwords on a public Wi-Fi network, just do it from home.

    B.) If it is your home Wi-Fi network, they would have to be in range to try to hack your Wi-Fi, which isn't that great of a range to begin with...

    and C.) Not many folks in your neighborhood know how to use Wireshark and Linux scripts.

    Sub-part D.) It won't matter when the most important stuff, like banks and brokers, are hacked. Equifax was just the latest step up, and we all thought THEY (credit agencies) were secure, right? Banks may be next. Hope Bubba the IT security manager at these places is not asleep at the switch and is earning his 6-7 figure salary by researching ways to keep hackers out of financial institutions, rather than playing solitaire on their PCs for 5 of their 7-hour workdays.