WiFi Krack attack.
#1
I just heard about this today. If you use WPA2, there is an inherent vulnerability in the protocol.

Details— https://www.krackattacks.com
”There are more things in heaven and earth, Horatio, Than are dreamt of in your philosophy." - Hamlet (1.5.167-8), Hamlet to Horatio.

[Image: yVR5oE.png][Image: VKQ0KLG.png]

Reply
#2
Indeed, I spent much of the afternoon reading up on the attack. Unfortunately, other than a Faraday cage, I don't see much to do about it.
"I may be old, but I'm not dead."
Reply
#3
(10-17-2017, 03:25 AM)LavCat Wrote: Indeed, I spent much of the afternoon reading up on the attack. Unfortunately, other than a Faraday cage, I don't see much to do about it.
As far as I have read the issue, you can only really solve it by either not connecting your device(s) to any WiFi network or having your device(s) updated with a patch to adress the issue. The first is impractical/impossible if you're in a (corporate) environment that relies on WiFi. The second means you have to wait for a patch that may or may not ever arrive.

On the other hand, the chance of an average civilian to be targeted at home is minescule since the attack requires the attacker to be within range of the WiFi. It is mostly an issue for corporations, anyone handling sensitive data and anyone using WiFi in public areas. And public WiFi has always been a risk.
Hugs are good, but smashing is better! - Clarence<!--sizec--><!--/sizec-->
Reply
#4
(10-17-2017, 12:15 AM)kandrathe Wrote: I just heard about this today. If you use WPA2, there is an inherent vulnerability in the protocol.

Details— https://www.krackattacks.com

Actually, this is far, far worse. The attack also compromises RSA token security, that's an even bigger security threat than the wifi aspect with WPA2. RSA is used for a majority of two factor authentication. A very large amount of companies and government agencies use RSA to protect their access to data and tools. If you use a token to access a game like WoW, this attack affects you.
Sith Warriors - They only class that gets a new room added to their ship after leaving Hoth, they get a Brooncloset

Einstein said Everything is Relative.
Heisenberg said Everything is Uncertain.
Therefore, everything is relatively uncertain.
Reply
#5
(10-17-2017, 01:55 PM)Lissa Wrote:
(10-17-2017, 12:15 AM)kandrathe Wrote: I just heard about this today. If you use WPA2, there is an inherent vulnerability in the protocol.

Details— https://www.krackattacks.com

Actually, this is far, far worse. The attack also compromises RSA token security, that's an even bigger security threat than the wifi aspect with WPA2. RSA is used for a majority of two factor authentication. A very large amount of companies and government agencies use RSA to protect their access to data and tools. If you use a token to access a game like WoW, this attack affects you.
Yes, I'm not downplaying the threat. My home is pretty secure as I know my neighbors in range (50 yards from either end of my house). They are a retired lawyer, and a carpet installer.

Work is fairly secure (on a peninsula) but theoretically a bad actor from the public might come fishing. But, personally, a small fish in a pond of thousands of devices. A truly devious actor would find much better hunting in any big building in Minneapolis.
”There are more things in heaven and earth, Horatio, Than are dreamt of in your philosophy." - Hamlet (1.5.167-8), Hamlet to Horatio.

[Image: yVR5oE.png][Image: VKQ0KLG.png]

Reply
#6
(10-17-2017, 05:01 PM)kandrathe Wrote:
(10-17-2017, 01:55 PM)Lissa Wrote:
(10-17-2017, 12:15 AM)kandrathe Wrote: I just heard about this today. If you use WPA2, there is an inherent vulnerability in the protocol.

Details— https://www.krackattacks.com

Actually, this is far, far worse. The attack also compromises RSA token security, that's an even bigger security threat than the wifi aspect with WPA2. RSA is used for a majority of two factor authentication. A very large amount of companies and government agencies use RSA to protect their access to data and tools. If you use a token to access a game like WoW, this attack affects you.
Yes, I'm not downplaying the threat. My home is pretty secure as I know my neighbors in range (50 yards from either end of my house). They are a retired lawyer, and a carpet installer.

Work is fairly secure (on a peninsula) but theoretically a bad actor from the public might come fishing. But, personally, a small fish in a pond of thousands of devices. A truly devious actor would find much better hunting in any big building in Minneapolis.

I have about fourteen networks in range, at least one apparently without a password.

Not that it will do any good but the scare prompted me to update the firmware in my router.
"I may be old, but I'm not dead."
Reply
#7
(10-18-2017, 01:41 AM)LavCat Wrote: Not that it will do any good but the scare prompted me to update the firmware in my router.
Ditto. I'm watching for a cure to my device, (or notice it won't be fixed Sad )
”There are more things in heaven and earth, Horatio, Than are dreamt of in your philosophy." - Hamlet (1.5.167-8), Hamlet to Horatio.

[Image: yVR5oE.png][Image: VKQ0KLG.png]

Reply
#8
(10-19-2017, 05:10 PM)kandrathe Wrote: Ditto. I'm watching for a cure to my device, (or notice it won't be fixed Sad )

Apparently it is possible to connect some iPads and iPhones to a network with a wired solution:

http://networktoolbox.de/networktoolbox-...i-anymore/


Edit: this also looks interesting...
http://redpark.com/lightning-gigabit-eth...-l6-netac/
"I may be old, but I'm not dead."
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)