Beware...Wifi Network with WPA2 is compromised!
This attack is known as KRACK (Key Reinstallation Attacks).The attack is discovered by Mathy Vanhoef and Frank Piessens of imec-DistriNet, KU Leuven university of Belgium.
An attacker within range of a victim can exploit these weaknesses using key reinstallation attacks (KRACKs).
In addition to sniffing the traffic , it is also possible to inject and manipulate the data thereby inserting malware. The attack works against all modern protected Wi-Fi networks.
As the weaknesses are in the Wi-Fi standard itself and not in individual products or its implementations and therefore even the device with correct WPA2 implementation may get affected.
During initial research, the researchers observed that Android, Linux, Apple, Windows, OpenBSD, MediaTek, Linksys, and others, are all affected by some variant of the attacks.
Also the researchers suggested that about 41 percent of Android devices are vulnerable to an “exceptionally devastating” version of the attack.
Microsoft has provided patch for the affected products and it is suggested to update your system.Also Apple said "Apple confirmed it has a fix in beta for iOS, MacOS, WatchOS and TVOS, and will be rolling it out in a software update in a few weeks." as per media reports. Many major vendors will be coming up with the updates sooner than later, that includes google.
To prevent the attack, users must update affected products (wireless clients and )as soon as security updates become available.As a better solution at this moment is to use LAN rather than Wifi and also avoid using Wifi in public places till the devices are patched.
An attacker within range of a victim can exploit these weaknesses using key reinstallation attacks (KRACKs).
In addition to sniffing the traffic , it is also possible to inject and manipulate the data thereby inserting malware. The attack works against all modern protected Wi-Fi networks.
As the weaknesses are in the Wi-Fi standard itself and not in individual products or its implementations and therefore even the device with correct WPA2 implementation may get affected.
During initial research, the researchers observed that Android, Linux, Apple, Windows, OpenBSD, MediaTek, Linksys, and others, are all affected by some variant of the attacks.
Also the researchers suggested that about 41 percent of Android devices are vulnerable to an “exceptionally devastating” version of the attack.
Microsoft has provided patch for the affected products and it is suggested to update your system.Also Apple said "Apple confirmed it has a fix in beta for iOS, MacOS, WatchOS and TVOS, and will be rolling it out in a software update in a few weeks." as per media reports. Many major vendors will be coming up with the updates sooner than later, that includes google.
To prevent the attack, users must update affected products (wireless clients and )as soon as security updates become available.As a better solution at this moment is to use LAN rather than Wifi and also avoid using Wifi in public places till the devices are patched.
Replies
-
Kaustubh KatdareThanks, #-Link-Snipped-# . Is there any way to address this issue if the firmware upgrade is not available? -
Rahul Jamgade
Not Really at this moment except the fact that one would avoid using wifi itself till we get patches. However the tool is yet to be made available for public consumption that can exploit the vulnerability.The tool may be available once the vendor gets sufficient time to patch the issue (as a standard practice). More details will be presented at the Computer and Communications Security (CCS) conference in November.Kaustubh KatdareThanks, #-Link-Snipped-# . Is there any way to address this issue if the firmware upgrade is not available?
However it remains to be seen what happens to the devices and products that are old or those that are no longer supported by the vendors. -
vanshanuCheck the new Wifi protocol. #-Link-Snipped-#
You are reading an archived discussion.
Related Posts
Results for the quiz conducted on 22 October themed 'Full Forms' are as follows -
Hello Crazy Engineers Community!
After four months of silence from "The Maker", I have released a new video titled "Deconstruction Time Lapse (HD) of "K'NEX Ball Machine - Fushigi"". Some...
World's most popular mobile messenger - WhatsApp seems to be in a hurry to catch up with the rivals in terms of features. After the recent leak about WhatsApp bringing...
Hey there,
there is a really nice app that measures, stores and analyzes vibrations.
Within seconds you get the eigenfrequencies of any kind of objects (slabs, bridges, beams) in terms...
Researchers at Stanford’s School of Earth, Energy and Environmental Sciences have successfully tested a mechanism which shall use fibre optic network to monitor seismic events. Yes, the same fibre optic...