Thursday, October 26, 2017

WiFi WPA2: KRACKed security

Wi-fi symbol made out of clouds. Photo by Shutterstock

Episode 134: KRACKed security and a river of sensors – IoT Podcast – Internet of Things

"Security researchers disclosed a vulnerability in the Wi-Fi protocol that could cause problems for smart device owners. The details of the KRACK vulnerability:"

"Users are urged to continue using WPA2 pending the availability of a fix, experts have said, after security researchers went public with more information about a serious flaw in the wireless encryption protocol. So-called Key Reinstallation Attacks, aka KRACK, potentially work against all modern protected Wi-Fi networks....

It affects WPA2 Personal and Enterprise, regardless of the encryption ciphers used by a network. It mostly affects Linux and Android 6.0 and above, as well as macOS and OpenBSD. Windows and iOS are more or less unaffected due to the way they implement WPA2. Gadgets from Cisco, Linksys and other networking gear makers are also vulnerable. "

"The long short of all of this is: you're definitely affected in some way, it just depends on which devices you use as to how to protect yourself. The most important thing to do is check if all of your devices can be patched immediately: not just your router, but whatever you're using to get online too."

Here's the paper outlining the vulnerability with the full technical details:"Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2" (PDF)

Krack Attacks (WiFi WPA2 Vulnerability) - Computerphile - YouTube
"Secure WiFi is broken - Dr Mike Pound & Dr Steve Bagley on the Krack Attack discovered by researchers in Belgium."

No comments: