Severe WiFi security flaw puts millions of devices at risk (WPA2 cracked, but there's a patch)
Engadget ^ | Oct 16, 2017 | Steve Dent

Posted on 10/16/2017 6:24:52 AM PDT by dayglored

"Krack Attack" allows hackers to steal credit cards, bank info and more.

Researchers have discovered a key flaw in the WPA2 WiFi encryption protocol that could allow hackers to intercept your credit card numbers, passwords, photos and other sensitive information. The flaws, dubbed "Key Reinstallation Attacks," or "Krack Attacks," are in the WiFi standard and not specific products. That means that just about every router, smartphone and PC out there could be impacted, though attacks against Linux and Android 6.0 or greater devices may be "particularly devastating," according to KU Leuven University's Mathy Vanhoef and Frank Piessens, who found the flaw.

Here's how it works. Attackers find a vulnerable WPA2 network, then make a carbon copy of it and impersonate the MAC address, then change the WiFi channel. This new, fake network acts as a "man in the middle," so when a device attempts to connect to the original network, it can be forced to bypass it and connect to the rogue one.

Normally, WPA2 encryption requires a unique key to encrypt each block of plain text. However, the hack described in the Krack Attack paper forces certain implementations of WPA2 to reuse the same key combination multiple times.

...

(Excerpt) Read more at engadget.com ...


TOPICS: Business/Economy; Computers/Internet; Hobbies
KEYWORDS: krack; krackattack; wifi; windowspinglist; wpa2
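
The key-reuse problem the excerpt describes, as an added example that is not from the Engadget article or the KRACK paper: a simplified Python model in which a client that resets its packet counter when the same key is installed again encrypts two frames with one keystream, while a patched client does not. The keystream function is an HMAC-SHA256 stand-in for WPA2's AES-CCMP, and `Client`, `run_session` and `reuse_detected` are hypothetical names.

```python
import hashlib
import hmac

P1, P2 = b"frame one: hello", b"frame two: world"  # constructed sample plaintexts

def keystream(key, packet_number, length):
    # Stand-in keystream: HMAC-SHA256 in counter mode, NOT the AES-CCMP that WPA2 uses.
    out, block = b"", 0
    while len(out) < length:
        msg = packet_number.to_bytes(6, "big") + block.to_bytes(4, "big")
        out += hmac.new(key, msg, hashlib.sha256).digest()
        block += 1
    return out[:length]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

class Client:
    def __init__(self, patched):
        self.patched, self.key, self.packet_number = patched, None, 0

    def install_key(self, key):
        # Assumed model of the fix: a key already in use is not installed again,
        # so its packet number is never reset.
        if self.patched and key == self.key:
            return
        self.key, self.packet_number = key, 0

    def send(self, plaintext):
        self.packet_number += 1
        ks = keystream(self.key, self.packet_number, len(plaintext))
        return self.packet_number, xor(plaintext, ks)

def run_session(patched, key):
    # One frame, then the same key delivered a second time, then another frame.
    client = Client(patched)
    client.install_key(key)
    first = client.send(P1)
    client.install_key(key)
    second = client.send(P2)
    return first, second

def reuse_detected(frames):
    # Defender's check: a packet number seen twice under one key means keystream reuse.
    numbers = [pn for pn, _ in frames]
    return len(numbers) != len(set(numbers))

if __name__ == "__main__":
    for patched in (False, True):
        frames = run_session(patched, hashlib.sha256(b"constructed key").digest())
        print(patched, reuse_detected(frames), xor(frames[0][1], frames[1][1]) == xor(P1, P2))
```

In this model the unpatched client prints `False True True` and the patched one `True False False`. The outcome is the same for any key, because the reuse comes from the reset packet counter rather than from the key's strength.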
To: bitt; dayglored; miliantnutcase; Gideon7
> if you have wi-fi enabled on your iPhone while you’re out and about, a hacker can grab your info?

Nope:

Apple has already patched the ‘KRACK’ WPA2 Wi-Fi security flaw iOS, macOS, watchOS, and tvOS betas
Monday, October 16, 2017 · 6:01 pm

“Apple has already patched the WPA2 Wi-Fi KRACK exploit announced today in iOS, macOS, watchOS, and tvOS betas, reports Rene Ritchie [via Twitter],” iClarified reports.

“Discovered by security researcher Mathy Vanhoef,” iClarified reports, “the method of using key reinstallation attacks (KRACKs) allow attackers to read information that was previously assumed to be safely encrypted and steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos, and so on.”

iClarified reports, “You can learn more about the KRACK exploit by clicking here.”

Full article here.

MacDailyNews Take: This is mainly an Android problem because Android is a stolen product that was initially supposed to be a BlackBerry knockoff which, after Steve Jobs revealed the iPhone, was hastily cobbled-together to mimic Apple’s revolutionary and patented Multi-Touch™ device. This hasty corner-cutting resulted in something that was and remains so poorly implemented that even the simple act of delivering software updates is in many cases never achieved leaving those who ignorantly settle for Android dreck vulnerable to myriad and unending security lapses and privacy intrusions.


41 posted on 10/16/2017 5:37:44 PM PDT by Swordmaker (My pistol self-identifies as an iPad, so you must accept it in gun-free zones, you racist, bigot!)

To: Swordmaker

thanks!!!!!!!!!!


42 posted on 10/16/2017 6:15:50 PM PDT by bitt (The press takes him literally, but not seriously; his supporters take him seriously, but not literal)

To: Gideon7
> A WPA2 WiFi access point can be configured with a hidden SSID instead of a public one to make it harder to hijack.

That's what I've always done. If you don't advertise it, most people can't find your network unless you tell them the ID. When guests ask to use my network, I give them a guest SSID and password. If they want to easily get on a network, some neighbors' networks are not secured (which I would never use).

43 posted on 10/16/2017 6:29:33 PM PDT by roadcat

To: Swordmaker

Thanks bro.


44 posted on 10/16/2017 6:31:10 PM PDT by Mark17 (Genesis chapter 1 verse 1. In the beginning GOD....And the rest, as they say, is HIS-story)

To: Swordmaker
> Since you do not access it often, it can be really complex, and can include special characters and both upper and lower case alphabetic characters as well as numbers and symbols.

And by all means, write it down and save it in a secure location! There are times when one day I wake up and for the life of me I can't remember the exact password, despite having used it for many months. Getting senile I guess. Now I make sure the tips I leave for myself are easily translated to my passwords (with the many special mix of characters and symbols). I still don't write down the exact string of characters, just tips to translate, even though secured in safes - I'm a security freak.

45 posted on 10/16/2017 6:38:24 PM PDT by roadcat

To: bigbob
> Don’t we all have our SSIDs set to “Free Republic” or “Pig in a Pantsuit” or such?

Mine's "TrumpIsPrezBitchez"

46 posted on 10/16/2017 7:04:15 PM PDT by usconservative (When The Ballot Box No Longer Counts, The Ammunition Box Does. (What's In Your Ammo Box?))

To: Swordmaker
> MacDailyNews Take: This is mainly an Android problem because Android is a stolen product that was initially supposed to be a BlackBerry knockoff which, after Steve Jobs revealed the iPhone, was hastily cobbled-together to mimic Apple’s revolutionary and patented Multi-Touch™ device. This hasty corner-cutting resulted in something that was and remains so poorly implemented that even the simple act of delivering software updates is in many cases never achieved leaving those who ignorantly settle for Android dreck vulnerable to myriad and unending security lapses and privacy intrusions.

Wow.

Well, tell MacDailyNews that for me, it's an Apple problem, because my wonderful, dependable, functional, reliable, incredibly useful, need-it-every-day Apple iPhone 5c likely won't get the iOS patch necessary to address this vulnerability, because it just went out of security update support.

I don't want a new phone. My phone works just fine, and shows every indication of continuing to work fine for years to come.

Except that it's now out of support, and I can't get a patch for this security issue.

So, no, MacDailyNews, this is not just an Android problem, at least not for me.

47 posted on 10/16/2017 8:46:32 PM PDT by dayglored ("Listen. Strange women lying in ponds distributing swords is no basis for a system of government.")

To: Swordmaker
> My take away from this is to have a very hard WIFI password. Since you do not access it often, it can be really complex, and can include special characters and both upper and lower case alphabetic characters as well as numbers and symbols. Don’t use anything that’s in a dictionary. By doing this, you can create a password that would take geological ages to crack by brute force. So regardless if a malicious actor can clone your WPA2 protected Router, he still has to hack your passwords by brute force, trying every possible password until he hits the right one. . .

That's fine ... but my home is in a remote rural area, in a clearing a half-mile from anywhere somebody could set up without being seen from the house. I don't even bother with WPA2 at home. :-)

At work it's a very different story, of course. Your good advice applies there quite nicely.

48 posted on 10/16/2017 8:55:02 PM PDT by dayglored ("Listen. Strange women lying in ponds distributing swords is no basis for a system of government.")

To: bigbob

Mine is “FBI”

:-D


49 posted on 10/16/2017 10:13:30 PM PDT by Bikkuri

To: Swordmaker
> My take away from this is to have a very hard WIFI password.

From the original Krackattacks article:

> Should I change my Wi-Fi password?
>
> Changing the password of your Wi-Fi network does not prevent (or mitigate) the attack.

original article

50 posted on 10/16/2017 10:41:47 PM PDT by Oshkalaboomboom

To: Oshkalaboomboom
> Changing the password of your Wi-Fi network does not prevent (or mitigate) the attack.

The original paper states the hack requires the passwords to be cracked by brute force. . . and the authors assume that will be easily done. It doesn't necessarily mean it will be done in a short time. The more complex the password, the longer brute force cracking will take.

As I understand it, the cloning of the Router does not copy the settings or any data on the original WIFI Router such as the contents of the password files. The cloning merely replicates the MAC addressing. . . and inserts itself in place of the original Router. It's the WIFI packet encryption keys that are being forced to be reused multiple times by the hack when normally they are supposed to be replaced with each packet, not the WIFI passwords themselves.

51 posted on 10/17/2017 12:47:27 AM PDT by Swordmaker (My pistol self-identifies as an iPad, so you must accept it in gun-free zones, you racist, bigot!)

To: dayglored
> Well, tell MacDailyNews that for me, it's an Apple problem, because my wonderful, dependable, functional, reliable, incredibly useful, need-it-every-day Apple iPhone 5c likely won't get the iOS patch necessary to address this vulnerability, because it just went out of security update support.

I think this is a problem that really won't rear its head much. . . but you are absolutely right. On the other hand, there are a lot of devices out there that are in the same boat of vulnerability and the real solution is to upgrade the firmware on the routers. Unfortunately, that's about as likely to happen as older Android phones getting a security upgrade.

Got any ideas?

52 posted on 10/17/2017 12:57:15 AM PDT by Swordmaker (My pistol self-identifies as an iPad, so you must accept it in gun-free zones, you racist, bigot!)

