Black Mondey - new WIFI flaw - all devices affected - decrypt WPA2 possible

[johannes]

Black Monday - new WIFI flaw - all devices affected - decrypt WPA2 possible

Vulnerability is in the Wi-Fi standard itself, not in WPA2. It concerns all WIFI devices, computers, mobil phones, routers, printers... --> read more here: https://www.wordfence.com/blog/2017/10/krack-and-roca/

.. just to let you know, have an eye on it and update as soon they get patched..

 

[Richard G]

Wow... first time security flaw in WPA2 and a big one. Thank you for the notification!

 

[johannes]

Follow up - Tech Info: https://www.krackattacks.com

 

[ikkeben]

We remark that the reliability of our proof-of-concept script may depend on how close the victim is to the real network. If the victim is very close to the real network, the script may fail because the victim will always directly communicate with the real network, even if the victim is (forced) onto a different Wi-Fi channel than this network.

good to know

So you expect to find other Wi-Fi vulnerabilities?

“I think we're just getting started.” — Master Chief, Halo 1

But OK only saying almost 20 years now WIFI while base isn't secure not to use if possible, and ofcourse not at all for "sensitive information" purposes.
Yea WIFI is so easy , to easy and makes one lazy to the security mathers..

 

[johannes]

good to know

.. just wondering how long it will take for somebody who got the POF for making a payed Kali plugin :-/

 

[Richard G]

Well at least Microsoft and Linux already had spread updates for their systems.
And the attacker has to be within the reach of your wifi network to be able to do some bad. Not really interesting to hack civilians so if you keep your systems up2date, it's not a real issue.
But it's the beginning, there will be more hacks and holes, like always.

 

[ikkeben]

Well at least Microsoft and Linux already had spread updates for their systems.
And the attacker has to be within the reach of your wifi network to be able to do some bad. Not really interesting to hack civilians so if you keep your systems up2date, it's not a real issue.
But it's the beginning, there will be more hacks and holes, like always.

BYOD things with private and Bussiness LOGINS to .... then not only the working on a Terasse drinking is a risk working with your tablet/laptop wifi, the real hackers knows who works where, then they have to find out where the stay living in private time.....
I assume that is a old spy thing they know an do for long times, knowing your victims. So yes if you have on/through your BYOD and other private devices access to important data or devices from you work then take care.

 

[Richard G]

then they have to find out where the stay living in private time.....

Yes but in that case the phones and tablets will be more dangerous because as said. Microsoft and Linux already patched things, so if you keep your laptop up to date, it's already fixed.
Imho there is more risk with malware then with this wpa2 hack. You should take care anyway with your BYOD and private devices with important data.

 

[ikkeben]

The problem is with a lott of devices you can't protect yourself in some situations for these kind of hacks.

So very dangerous for example engineers that are underway to serve products as Windmills and use WIFI with their devices is only 1 example.

So yes maybe less risk , but more dangerous wen hackers has pointed out that special to hacking goal, then they have a seriuous extra possibilty to use and so on.

 

[Richard G]

Yep that's quite true.

But again, we have to take care always. There will always be unknown leaks, malware, hacks etc. Security must be number 1 to take care of especially the kind of people you mention.

 

[zEitEr]

Using OpenVPN over WiFi... What do I do wrong?