WiFi Krack attack. - Printable Version

WiFi Krack attack. - Printable Version

+- The Lurker Lounge Forums (https://www.lurkerlounge.com/forums)
+-- Forum: The Lurker Lounge (https://www.lurkerlounge.com/forums/forum-4.html)
+--- Forum: The Lounge (https://www.lurkerlounge.com/forums/forum-12.html)
+--- Thread: WiFi Krack attack. (/thread-17338.html)

WiFi Krack attack. - kandrathe - 10-17-2017

I just heard about this today. If you use WPA2, there is an inherent vulnerability in the protocol.

Details— https://www.krackattacks.com

RE: WiFi Krack attack. - LavCat - 10-17-2017

Indeed, I spent much of the afternoon reading up on the attack. Unfortunately, other than a Faraday cage, I don't see much to do about it.

RE: WiFi Krack attack. - roguebanshee - 10-17-2017

(10-17-2017, 03:25 AM)LavCat Wrote: Indeed, I spent much of the afternoon reading up on the attack. Unfortunately, other than a Faraday cage, I don't see much to do about it.

As far as I have read the issue, you can only really solve it by either not connecting your device(s) to any WiFi network or having your device(s) updated with a patch to adress the issue. The first is impractical/impossible if you're in a (corporate) environment that relies on WiFi. The second means you have to wait for a patch that may or may not ever arrive.

On the other hand, the chance of an average civilian to be targeted at home is minescule since the attack requires the attacker to be within range of the WiFi. It is mostly an issue for corporations, anyone handling sensitive data and anyone using WiFi in public areas. And public WiFi has always been a risk.

RE: WiFi Krack attack. - Lissa - 10-17-2017

(10-17-2017, 12:15 AM)kandrathe Wrote: I just heard about this today. If you use WPA2, there is an inherent vulnerability in the protocol.

Details— https://www.krackattacks.com

Actually, this is far, far worse. The attack also compromises RSA token security, that's an even bigger security threat than the wifi aspect with WPA2. RSA is used for a majority of two factor authentication. A very large amount of companies and government agencies use RSA to protect their access to data and tools. If you use a token to access a game like WoW, this attack affects you.

RE: WiFi Krack attack. - kandrathe - 10-17-2017

(10-17-2017, 01:55 PM)Lissa Wrote:
(10-17-2017, 12:15 AM)kandrathe Wrote: I just heard about this today. If you use WPA2, there is an inherent vulnerability in the protocol.

Details— https://www.krackattacks.com

Actually, this is far, far worse. The attack also compromises RSA token security, that's an even bigger security threat than the wifi aspect with WPA2. RSA is used for a majority of two factor authentication. A very large amount of companies and government agencies use RSA to protect their access to data and tools. If you use a token to access a game like WoW, this attack affects you.

Yes, I'm not downplaying the threat. My home is pretty secure as I know my neighbors in range (50 yards from either end of my house). They are a retired lawyer, and a carpet installer.

Work is fairly secure (on a peninsula) but theoretically a bad actor from the public might come fishing. But, personally, a small fish in a pond of thousands of devices. A truly devious actor would find much better hunting in any big building in Minneapolis.

RE: WiFi Krack attack. - LavCat - 10-18-2017

(10-17-2017, 05:01 PM)kandrathe Wrote:
(10-17-2017, 01:55 PM)Lissa Wrote:
(10-17-2017, 12:15 AM)kandrathe Wrote: I just heard about this today. If you use WPA2, there is an inherent vulnerability in the protocol.

Details— https://www.krackattacks.com

Actually, this is far, far worse. The attack also compromises RSA token security, that's an even bigger security threat than the wifi aspect with WPA2. RSA is used for a majority of two factor authentication. A very large amount of companies and government agencies use RSA to protect their access to data and tools. If you use a token to access a game like WoW, this attack affects you.
Yes, I'm not downplaying the threat. My home is pretty secure as I know my neighbors in range (50 yards from either end of my house). They are a retired lawyer, and a carpet installer.

Work is fairly secure (on a peninsula) but theoretically a bad actor from the public might come fishing. But, personally, a small fish in a pond of thousands of devices. A truly devious actor would find much better hunting in any big building in Minneapolis.

I have about fourteen networks in range, at least one apparently without a password.

Not that it will do any good but the scare prompted me to update the firmware in my router.

RE: WiFi Krack attack. - kandrathe - 10-19-2017

(10-18-2017, 01:41 AM)LavCat Wrote: Not that it will do any good but the scare prompted me to update the firmware in my router.

Ditto. I'm watching for a cure to my device, (or notice it won't be fixed Sad

)

RE: WiFi Krack attack. - LavCat - 10-19-2017

(10-19-2017, 05:10 PM)kandrathe Wrote: Ditto. I'm watching for a cure to my device, (or notice it won't be fixed )

Apparently it is possible to connect some iPads and iPhones to a network with a wired solution:

http://networktoolbox.de/networktoolbox-wired-ethernet-connection-not-wifi-anymore/

Edit: this also looks interesting...
http://redpark.com/lightning-gigabit-ethernet-power-l6-netac/