What You Need To Know About KRACK WPA2 Wi-Fi Attack

What You Need To Know About KRACK WPA2 Wi-Fi Attack

The Internet has been blowing up in the past week about the KRACK WPA2 attack that is extremely widespread and is a flaw in the Wi-Fi standard itself, not the implementation. It’s a flaw in the 4 way handshake for WP2 compromised by a Key Reinstallation Attack.

This means any device that has correctly implemented WPA2 is likely affected (so basically everything that has Wi-Fi capability) – this includes Android, Linux, Apple, Windows, OpenBSD and more.

Read the rest of What You Need To Know About KRACK WPA2 Wi-Fi Attack now! Only available at Darknet.

Continue reading What You Need To Know About KRACK WPA2 Wi-Fi Attack

Smashing Security podcast #048: KRACK, North Korea, and an 18th century cyber attack

Smashing Security podcast #048: KRACK, North Korea, and an 18th century cyber attack

KRACK! Has the Wi-Fi vulnerability got you worried? Did North Korea hack a British TV company? And what have Dutch police learnt from Pokémon?

All this and more is discussed in the latest edition of the “Smashing Security” podcast by Graham Cluley and Carole Theriault, joined this week by Virus Bulletin editor Martijn Grooten.

Continue reading Smashing Security podcast #048: KRACK, North Korea, and an 18th century cyber attack

KRACK: will there be an exploit soon?

Given that the probability is high that there are unpatched devices left even years from now (android devices, IoT-Things, etc.):

Is it likely that there will be an exploit available soon? I think of the consequences, especially with packet forgery and still not widely used HSTS, would warrant development of an exploit and foresee a second big wardriving instance.

While it is easy for tech-savvy users to set up a VPN, for the regular user it isn’t.

Are there good reasons (for example high computational complexity of a successful attack) to make it not worthwhile to widely deploy Notebooks or pi‘s carrying out the attack with a generalized exploit?

How about botnets/Trojans with WiFi capabilities? Could they easily deploy an exploit to a wide range of (private) targets, making it less of a local attack?

Continue reading KRACK: will there be an exploit soon?

Why is Android/Linux able to communicate with the wireless access point after the encryption key is set to zero?

As I understand it, when exploited against Linux and Android the KRACK attack results in the encryption key for the session being zeroed out on the device, so an eavesdropper can easily decrypt the messages. On other platform… Continue reading Why is Android/Linux able to communicate with the wireless access point after the encryption key is set to zero?

Dangerous KRACKs in Wi-Fi Security Puts Most Devices at Risk

WPA2, the most widely used Wi-Fi security standard, has a number of flaws that could allow hackers to snoop on users’ internet traffic or, worse, to inject malware into it. The vulnerabilities are in the protocol itself, more precisely in the four-way handshake between clients and access points. It allows attackers to mount an evil..

The post Dangerous KRACKs in Wi-Fi Security Puts Most Devices at Risk appeared first on Security Boulevard.

Continue reading Dangerous KRACKs in Wi-Fi Security Puts Most Devices at Risk

Why didn’t anyone think "use zero nonce and continue handshake" was a problem or at least strange in wpa-supplicant before now?

If someone is coding a secure connection library, I’d have expected this to stick out like a red flag to them.

Why on earth would someone code logic like this (anyone working on it must have understood the basics enough to … Continue reading Why didn’t anyone think "use zero nonce and continue handshake" was a problem or at least strange in wpa-supplicant before now?