Posted on 10/16/2017 6:24:52 AM PDT by dayglored
"Krack Attack" allows hackers to steal credit cards, bank info and more.
Researchers have discovered a key flaw in the WPA2 WiFi encryption protocol that could allow hackers to intercept your credit card numbers, passwords, photos and other sensitive information. The flaws, dubbed "Key Reinstallation Attacks," or "Krack Attacks," are in the WiFi standard and not specific products. That means that just about every router, smartphone and PC out there could be impacted, though attacks against Linux and Android 6.0 or greater devices may be "particularly devastating," according to KU Leuven University's Mathy Vanhoef and Frank Piessens, who found the flaw.
Here's how it works. Attackers find a vulnerable WPA2 network, then make a carbon copy of it and impersonate the MAC address, then change the WiFi channel. This new, fake network acts as a "man in the middle," so when a device attempts to connect to the original network, it can be forced to bypass it and connect to the rogue one.
Normally, WPA2 encryption requires a unique key to encrypt each block of plain text. However, the hack described in the Krack Attack paper forces certain implementations of WPA2 to reuse the same key combination multiple times.
...
(Excerpt) Read more at engadget.com ...
Oops, “WPA2” not “WPA@”.
Ethernet cable is my simple solution to these problems. Faster, too.
This is what some techie geniuses are spending there time on because there are just so many fantastic techie real jobs out there - NOT. (AI is already into processes to replace average tech workers, analysts of all types - including financial and legal, and general computer programmers).
I didn’t see if disabling WIFI administrator affected it. I always leave that off.
Better off with a career as an aircraft or robot mechanic.
My router cannot be seen outside my house due to the fact I have stone walls. I can’t even use it in the garage. I can see my neighbor’s router(they live through the woods) but not mine.
Self programming computers are only the beginning...............
Remember, WIFI’s not a question....it’s a thing.
A WPA2 WiFi access point can be configured with a hidden SSID instead of a public one to make it harder to hijack.
From the comments on the article at engadget:
“Windows 10 isn’t vulnerable (because Windows breaks the spec in exactly the proposed way to avoid the attack), and iOS isn’t vulnerable either (for the same reason), and AFAIK it shares its networking stack with macOS so macOS is likely not vulnerable either.”
This means if you use Windows 10 or a Mac as a WiFi client you should be safe.
Linux clients are still vulnerable (Android).
And of course, the attack won't work unless the attacker is nearby and can physically access your network.
It’s an Android thing and someone has to be close by to Krack you ,LOL
if you have wi-fi enabled on your IPhone while you’re out and about, a hacker can grab your info?
Didn’t sound like it.
Don’t we all have our SSIDs set to “Free Republic” or “Pig in a Pantsuit” or such?
Ummm, like your local coffee shop's "Free WIFI"?
What would you guess the likelihood is that public WIFI hotspots are gonna get patched quickly?
I'm not exactly sure precisely which clients are vulnerable, because there's a lot of crap/fake info floating around, and some folks are desperate to convince themselves (and others) that their preferred device or OS is "safe".
I created this thread mainly to raise FReepers' consciousness about the problem, but I don't claim to have a definitive list of the exact info -- yet. Data is still emerging, and one has to be careful about what one takes as gospel, at least early on in the discussion.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.