[LINK] Key Reinstallation Attacks

Stephen Loosley StephenLoosley at outlook.com
Tue Oct 17 22:29:19 AEDT 2017


https://www.krackattacks.com

We’ve discovered serious weaknesses in WPA2, a protocol that secures all modern protected Wi-Fi networks.

An attacker within range of a victim can exploit these weaknesses .. to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos, and so on.

The attack works against all modern protected Wi-Fi networks.

Depending on the network configuration, it is also possible to inject and manipulate data. For example, an attacker might be able to inject ransomware or other malware into websites.

The weaknesses are in the Wi-Fi standard itself, and not in individual products or implementations. Therefore, any correct implementation of WPA2 is likely affected.

To prevent the attack, users must update affected products as soon as security updates become available. Note that if your device supports Wi-Fi, it is most likely affected.

During our initial research, we discovered ourselves that Android, Linux, Apple, Windows, OpenBSD, MediaTek, Linksys, and others, are all affected by some variant of the attacks.

Our attack is especially catastrophic against version 2.4 and above of wpa_supplicant, a Wi-Fi client commonly used on Linux.

For more information about specific products, consult the database of CERT/CC, or contact your vendor …

Cheers,
Stephen




More information about the Link mailing list