Date:16/10/17
Security researchers may have discovered severe vulnerabilities in the Wi-Fi Protected Access II (WPA2) protocol that protects the majority of Wi-Fi connections around the world. If the encryption really has been cracked, it could allow hackers within wireless range of a network to eavesdrop on traffic, perform malicious injection, and more.
The proof-of-concept attack is called KRACK (Key Reinstallation Attacks). It’s thought that the site Krackattacks.com will disclose the vulnerabilities at 8AM EST / 5AM PST / 2PM CEST / 5:30PM IST on Monday. The flaws will also be the subject of a talk titled Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2, which is set to take place at the Conference on Computer and Communication Security on November 1 and will be presented by security researchers including Mathy Vanhoef and Frank Piessens.
The Krack attacks website still isn’t live, but according to its source code: "This website presents the Key Reinstallation Attack (KRACK). It breaks the WPA2 protocol by forcing nonce reuse in encryption algorithms used by Wi-Fi."
The United States Computer Emergency Readiness Team has issued the following warning:
“US-CERT has become aware of several key management vulnerabilities in the 4-way handshake of the Wi-Fi Protected Access II (WPA2) security protocol. The impact of exploiting these vulnerabilities includes decryption, packet replay, TCP connection hijacking, HTTP content injection, and others. Note that as protocol-level issues, most or all correct implementations of the standard will be affected. The CERT/CC and the reporting researcher KU Leuven, will be publicly disclosing these vulnerabilities on 16 October 2017.”
The attack works by exploiting a four-way handshake that's used to establish a key for encrypting traffic. During the third step, the key can be resent multiple times. When it's resent in certain ways, a cryptographic nonce can be reused in a way that completely undermines the encryption.
The researchers also suggested in a 2016 paper that the random number generator used to create 802.11 group keys is flawed by design and can be predicted.
Major wireless vendors may already be working on patches, but how long they'll take to roll out is unclear. Some devices, such as certain IoT products, may never get patched. If you’re particularly concerned, using a (reliable) VPN is recommended.
WPA 2 security protocol may have been cracked
Security researchers may have discovered severe vulnerabilities in the Wi-Fi Protected Access II (WPA2) protocol that protects the majority of Wi-Fi connections around the world. If the encryption really has been cracked, it could allow hackers within wireless range of a network to eavesdrop on traffic, perform malicious injection, and more.The proof-of-concept attack is called KRACK (Key Reinstallation Attacks). It’s thought that the site Krackattacks.com will disclose the vulnerabilities at 8AM EST / 5AM PST / 2PM CEST / 5:30PM IST on Monday. The flaws will also be the subject of a talk titled Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2, which is set to take place at the Conference on Computer and Communication Security on November 1 and will be presented by security researchers including Mathy Vanhoef and Frank Piessens.
The Krack attacks website still isn’t live, but according to its source code: "This website presents the Key Reinstallation Attack (KRACK). It breaks the WPA2 protocol by forcing nonce reuse in encryption algorithms used by Wi-Fi."
The United States Computer Emergency Readiness Team has issued the following warning:
“US-CERT has become aware of several key management vulnerabilities in the 4-way handshake of the Wi-Fi Protected Access II (WPA2) security protocol. The impact of exploiting these vulnerabilities includes decryption, packet replay, TCP connection hijacking, HTTP content injection, and others. Note that as protocol-level issues, most or all correct implementations of the standard will be affected. The CERT/CC and the reporting researcher KU Leuven, will be publicly disclosing these vulnerabilities on 16 October 2017.”
The attack works by exploiting a four-way handshake that's used to establish a key for encrypting traffic. During the third step, the key can be resent multiple times. When it's resent in certain ways, a cryptographic nonce can be reused in a way that completely undermines the encryption.
The researchers also suggested in a 2016 paper that the random number generator used to create 802.11 group keys is flawed by design and can be predicted.
Major wireless vendors may already be working on patches, but how long they'll take to roll out is unclear. Some devices, such as certain IoT products, may never get patched. If you’re particularly concerned, using a (reliable) VPN is recommended.
Views: 329
©ictnews.az. All rights reserved.
Similar news
- Azerbaijani project to monitor disease via mobile phones
- Innovative educational system to be improved under presidential decree
- NTRC prolongs license of two TV and radio organizations for 6 years
- Azerbaijan establishes e-registry for medicines
- Azerbaijani museum introduces e-guide
- Nar Mobile opens “Nar Dunyasi” sales and service center in Siyazan city
- International conference on custom electronic services held in Baku
- OIC secretary general to attend COMSTECH meeting in Baku
- Azerbaijan develops earthquake warning system
- New law to regulate transition to digital broadcasting in Azerbaijan
- Azerbaijani State Social Protection Fund introduces electronic digital signature
- Intellectual traffic management system in Baku to be commissioned in December
- Tax Ministry of Azerbaijan started receiving video-addresses
- World Bank recommends Azerbaijan to speed up e-service introduction in real estate
- Azerbaijan to shift to electronic registration of real estate
