Posted on 10/16/2017 1:54:20 PM PDT by plain talk
Every Wi-Fi connection is potentially vulnerable to an unprecedented security flaw that allows hackers to snoop on internet traffic, researchers have revealed.
The vulnerability is the first to be found in the modern encryption techniques that have been used to secure Wi-Fi networks for the last 14 years.
In theory, it allows an attacker within range of a Wi-Fi network to inject computer viruses into internet networks, and read communications like passwords, credit card numbers and photos sent over the internet.
The so-called “Krack” attack has been described as a “fundamental flaw” in wireless security techniques by experts. Apple, Android and Windows software are all susceptible to some version of the vulnerability, which is not fixed by changing Wi-Fi passwords
(Excerpt) Read more at telegraph.co.uk ...
Krack is Whack!
Note that the home wireless router manufacturers are aware of this and software updates for routers are being pushed out as I type this.
Apple already fixed their part of the issue.
https://www.macrumors.com/2017/10/16/krack-wifi-vulnerabilities-patched-apple-ios-macos/
This a client problem, not a router problem. Windows 10 desktops are essentially protected already. I think MacOs is too.
It is basically a Linux (Android) problem.
Yeah. I got an email from Netgear last week, going to do this tonight or tomorrow.
The vulnerability is in the clients not the router/AP. All the router/AP can do is add extra checks to try to protect the vulnerable clients that have not been patched.
Linux Mint 18.2 just got an update
Nothing from Arris yet.
https://www.engadget.com/2017/10/16/microsoft-already-has-krack-attack-wifi-fix/
“To recap: the exploit revolves around cloning a WPA2-encrypted WiFi network, impersonating its MAC address and changing the WiFi channel. Intruders can force your device to connect to this bogus network instead of the legitimate one, making it easier for them to snoop on your data traffic or perpetrate attacks that require a local network. Would-be hackers have to get within physical distance of a target network for this to succeed, but that’s potentially a huge problem for public networks.”
and the hack vector tricks the client into reinstalling a new key, allowing the communication session to be hijacked
the fix is in the OS, not the router.
Original discoverer/author’s write up: https://www.krackattacks.com
So I guess we’ll see the fix in iOS 11.0.4 ?
I wonder if dd-wrt is going to get patched. I am guessing you have to wait for a new build.
It seems to me that if you are using a VPN you would pretty much bypass this vulnerability because all your traffic is encrypted by other means.
bookmark
Yes, fix in testing and out soon.
Issue was already mitigated, if not fixed outright:
“Apple’s iOS devices (and Windows machines) are not as vulnerable as Macs or devices running Linux or Android because the vulnerability relies on a flaw that allows what’s supposed to be a single-use encryption key to be resent and reused more than once, something the iOS operating system does not allow, but there’s still a partial vulnerability.”
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.