schrödinger

feed me, seymour

  • Internet, we have a problem: Wi-Fi WPA2 security probably broken through key re-installation attack

    Two Belgian researchers, Mathy Vanhoef of KU Leuven and Frank Piessens of imec-DistriNet, are confident they really have done serious damage to WPA2.

    Their paper “Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2” will be formally presented on November 1st at the ACM Conference on Computer and Communications Security.

    https://www.modmy.com/wi-fi-wpa2-security-has-been-krack-ed

    The vulnerability, called KRACK (Key Reinstallation AttaCK), is found within the 4-way handshake process which takes place when a device attempts to connect to a wireless network. This process involves generating unique single-use numbers to secure the connection between the device and the wireless access point. As it turns out, under certain reproducible conditions, such a number (called a nonce) can be reused, which may significantly weaken the encryption for traffic between Wi-Fi access points and devices connecting to them.

    https://www.theregister.co.uk/2017/10/16/wpa2_inscure_krackattack

    The CVE (Common Vulnerabilities and Exposures) numbers for Krack Attack have been reserved. They are CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13084, CVE-2017-13086, CVE-2017-13087, and CVE-2017-13088.

    https://www.i4u.com/2017/10/124939/wi-fi-wpa2-security-broken

    Last year, the researchers published a paper titled “Predicting, Decrypting, and Abusing WPA2/802.11 Group Keys.” The core of that Wi-Fi security problem was that the 802.11 random number generator allowed its output, including the group key, to be predicted. The paper shows how a downgrade-style attack against the 4-way handshake works. The researchers also propose a fix for the random number generator vulnerability, based on randomness extracted from the wireless channel.

    https://www.alexhudson.com/2017/10/15/wpa2-broken-krack-now

    Lots of us have old routers at home, which have no chance of a firmware upgrade, and lots of WiFi equipment that may well not get a protocol upgrade if one is required. Right now, it sounds like all this stuff is going to be worthless from the perspective of encryption.

    #WPA2
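
Why a reused nonce weakens the encryption, as an added example that is not part of the original post or of the researchers' paper: with a counter-mode cipher, the same key and nonce give the same keystream, so the XOR of two ciphertexts equals the XOR of their plaintexts. The HMAC-based keystream is a toy stand-in for the AES counter mode in WPA2's CCMP, and the key, nonces and frames are constructed sample values.

```python
import hashlib
import hmac
from collections import Counter

KEY = bytes(range(16))  # constructed session key, for illustration only


def keystream(key, nonce, length):
    # Toy counter-mode keystream: HMAC-SHA256(key, nonce || block counter).
    # Assumption: stands in for AES-CTR; only the "same key + nonce gives
    # the same keystream" property matters here.
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(length // 32 + 1))
    return b"".join(blocks)[:length]


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(key, nonce, plaintext):
    return xor(plaintext, keystream(key, nonce, len(plaintext)))


def reused_nonces(frames):
    # Defender-side check: nonces that appear more than once under one key.
    counts = Counter(nonce for nonce, _ in frames)
    return sorted(n for n, c in counts.items() if c > 1)


def demo():
    p1 = b"GET /index.html HTTP/1.1"   # constructed plaintexts, 24 bytes each
    p2 = b"password=hunter2&user=al"
    n1 = (1).to_bytes(6, "big")
    n2 = (2).to_bytes(6, "big")
    # Normal operation: every frame gets a fresh nonce.
    fresh = [(n1, encrypt(KEY, n1, p1)), (n2, encrypt(KEY, n2, p2))]
    # After a key reinstallation the nonce counter starts over, so n1 repeats.
    reused = [(n1, encrypt(KEY, n1, p1)), (n1, encrypt(KEY, n1, p2))]
    return {
        # True means the keystream cancelled and plaintext structure leaks.
        "fresh_leaks": xor(fresh[0][1], fresh[1][1]) == xor(p1, p2),
        "reused_leaks": xor(reused[0][1], reused[1][1]) == xor(p1, p2),
        "flagged_fresh": reused_nonces(fresh),
        "flagged_reused": reused_nonces(reused),
    }


if __name__ == "__main__":
    print(demo())
```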