### WiFi Security: Critical weakness found in WPA2

[HellBoy]

We discovered serious weaknesses in WPA2, a protocol that secures all modern protected Wi-Fi networks. An attacker within range of a victim can exploit these weaknesses using key reinstallation attacks (KRACKs). Concretely, attackers can use this novel attack technique to read information that was previously assumed to be safely encrypted. This can be abused to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos, and so on. The attack works against all modern protected Wi-Fi networks. Depending on the network configuration, it is also possible to inject and manipulate data. For example, an attacker might be able to inject ransomware or other malware into websites.

The weaknesses are in the Wi-Fi standard itself, and not in individual products or implementations. Therefore, any correct implementation of WPA2 is likely affected. To prevent the attack, users must update affected products as soon as security updates become available. Note that if your device supports Wi-Fi, it is most likely affected. During our initial research, we discovered ourselves that Android, Linux, Apple, Windows, OpenBSD, MediaTek, Linksys, and others, are all affected by some variant of the attacks. For more information about specific products, consult the database of CERT/CC, or contact your vendor.

The research behind the attack will be presented at the Computer and Communications Security (CCS) conference, and at the Black Hat Europe conference. Our detailed research paper can already be downloaded.



https://www.krackattacks.com/



#This is big time fellas. Any device that uses Wi-Fi is likely vulnerable.

 

[Database Error]

Where that patch at tho?

 

[Lexx Diamond]

Always best to connect via Mac address. The guest network can run off WPA2 for all I care. Oh and do not broadcast your SSID.

 

[HellBoy]

Where that patch at tho?

The exploit is being announce to the world at CCS on November 1st.

For now all you can do is monitor your vendor's updates and https://www.kb.cert.org/vuls/byvendor?searchview&Query=FIELD+Reference=228519&SearchOrder=4

 

[HellBoy]

Always best to connect via Mac address. The guest network can run off WPA2 for all I care. Oh and do not broadcast your SSID.

Not broadcasting the SSID is not legit security measure. Anyone war driving can still detect your network by sniffing packets which will still contain the SSID.

Same with Mac addresses, an analyzer can see all mac addresses allowed to connect to your network. These methods would stop an amateur only.

 

[kinglickk]

Oh and do not broadcast your SSID

Macs can't handle this.

 

[Lexx Diamond]

Not broadcasting the SSID is not legit security measure. Anyone war driving can still detect your network by sniffing packets which will still contain the SSID.

Same with Mac addresses, an analyzer can see all mac addresses allowed to connect to your network. These methods would stop an amateur only.

 

[Duece]

subs

 

[Sango]

So you're basically saying we're all fucked, because there's no way to stop anyone from hacking you if they wanted to. Got it.

This is wild, because someone can set you up by putting incriminating evidence on your computer/s.

 

[HellBoy]

So you're basically saying we're all fucked, because there's no way to stop anyone from hacking you if they wanted to. Got it.

This is wild, because someone can set you up by putting incriminating evidence on your computer/s.

Short term.

Once vendors provide a security update, this hole will be patched.

 

[Mrfreddygoodbud]

So you're basically saying we're all fucked, because there's no way to stop anyone from hacking you if they wanted to. Got it.

This is wild, because someone can set you up by putting incriminating evidence on your computer/s.

yea but look on the bright side,

if you wife or signicant other sees pictures of your

side chicks on your phone..

you could be like..

my fuckin wifi was hacked... gotdammit!!!

 

[Sango]

yea but look on the bright side,

if you wife or signicant other sees pictures of your

side chicks on your phone..

you could be like..

my fuckin wifi was hacked... gotdammit!!!

 

[HellBoy]

https://char.gd/blog/2017/wifi-has-been-broken-heres-the-companies-that-have-already-fixed-it

 

[playahaitian]

Not broadcasting the SSID is not legit security measure. Anyone war driving can still detect your network by sniffing packets which will still contain the SSID.

Same with Mac addresses, an analyzer can see all mac addresses allowed to connect to your network. These methods would stop an amateur only.

so what can we do.

 

[Coldchi]

so what can we do.

nothing.
my CEH course teaches how to hack wifi anyway.......lol

 

[HellBoy]

so what can we do.

Use the recommended standard WPA2-PSK [AES], long passwords (for preshared key), keep firmware/software up to date, make sure you change any device default passwords.

 

[HellBoy]

nothing.
my CEH course teaches how to hack wifi anyway.......lol

Hey you didnt reply in the other thread. Is the Dutchess as smart as she comes across?

 

[playahaitian]

bookmark

 

[p5ych3]

Good link.

Was coming to say ALL wifi device can be targets. APs, phones, laptops, security cameras, etc.

https://char.gd/blog/2017/wifi-has-been-broken-heres-the-companies-that-have-already-fixed-it

 

[Coldchi]

Hey you didnt reply in the other thread. Is the Dutchess as smart as she comes across?

nah...........smarter.
her intelligence and knowledge of cyber security is a fuckin turn on