  Details on the KRACK attack: WPA2 is attacked but not cracked completely | Bit Updates

Monday, October 16th, 2017 | bitcoin updates

      
    
16.10.2017 4:30 pm, Dennis Schirrmacher

Vulnerabilities in the WPA2 protocol allow attackers to read supposedly protected data traffic. All devices with a WLAN chip are affected. The WLAN password is not at risk.

Two security researchers show how, due to flaws in the WPA2 protocol, they can read encrypted data exchanged between an access point and a client. WPA2 is the encryption protocol used almost everywhere in wireless networks and is intended to prevent attackers from snooping on data simply by listening to the radio transmission. The attack, dubbed KRACK, could expose personal information or manipulate data. The "Key Reinstallation Attack" targets the connection setup.
The handshake as entry point
The security researchers at KU Leuven in Belgium strike at the moment a client wants to connect to an access point via WLAN. The two sides communicate in a handshake divided into four steps, in which they agree on, among other things, the session key to be used. According to the description, the researchers can use active manipulation to make an already used key be used again. In practice this works with almost all WLAN clients.
This "reinstallation" allows them to decrypt or manipulate parts of the data traffic, the researchers explain on a website set up specifically to describe the KRACK attack. It is a design flaw in the WPA2 protocol, which does not prevent reuse of the key. The WLAN password cannot be obtained this way. In addition, data that is also secured via SSL/TLS, such as HTTPS connections used for online banking or for transferring login data, cannot be decrypted by KRACK. Mathy Vanhoef and Frank Piessens present more details on the attack on the 4-way handshake in their paper "Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2".

            
        
        Security researchers bypass WPA2 on Android and Linux.
        
Linux and Android are particularly vulnerable
In addition to WPA2, including the personal and enterprise variants, WPA-TKIP, AES-CCMP and the currently not widely used GCMP are also vulnerable. Since the security standards themselves are vulnerable, basically all devices running Android, iOS, Linux, Windows and so on that have a WLAN chip are at risk.
According to the security researchers, Linux and Android version 6.0 or later are particularly vulnerable to such an attack. They use the software wpa_supplicant, which can be made to use a dummy key with the value 0 by retransmitting the third handshake message. In this case, the researchers were able to decrypt all transmitted data with little effort. About 41 percent of all Android devices are vulnerable to this "particularly devastating variant" of the attack.
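A minimal model of the key reinstallation described above, as an added example that is not from the article or the researchers: the `Client` class, the HMAC-based toy keystream (a stand-in for the real WPA2 ciphers), the per-frame packet number, the key and the frame contents are all constructed assumptions. It shows that reinstalling a key already in use resets the per-frame counter, so two frames are encrypted with the same keystream, and that refusing the reinstall avoids this; it does not model the all-zero key variant.

```python
import hashlib
import hmac

def keystream(key: bytes, pn: int, length: int) -> bytes:
    """Toy keystream from (key, packet number); a stand-in, not real CCMP."""
    blocks = (hmac.new(key, pn.to_bytes(6, "big") + i.to_bytes(2, "big"),
                       hashlib.sha256).digest() for i in range(length // 32 + 1))
    return b"".join(blocks)[:length]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

class Client:
    """Hypothetical model of a WLAN client's key installation logic."""
    def __init__(self, patched: bool):
        self.patched = patched
        self.key = None
        self.pn = 0  # packet number, used as the per-frame nonce

    def on_message3(self, session_key: bytes) -> None:
        # Hardened behaviour: a retransmitted message 3 carrying the key that
        # is already in use must not reinstall it, so the counter keeps going.
        if self.patched and session_key == self.key:
            return
        self.key = session_key
        self.pn = 0  # installing a key resets the nonce counter

    def send(self, plaintext: bytes):
        self.pn += 1
        return self.pn, xor(plaintext, keystream(self.key, self.pn, len(plaintext)))

def run(patched: bool):
    """Send a frame, receive message 3 again, send another frame."""
    key = bytes(range(32))                                   # constructed session key
    p1, p2 = b"user=alice&pin=1234", b"GET /index.html HTT"  # constructed frames
    client = Client(patched)
    client.on_message3(key)
    pn1, c1 = client.send(p1)
    client.on_message3(key)                                  # retransmitted message 3
    pn2, c2 = client.send(p2)
    # With a reused nonce the keystream cancels: c1 XOR c2 == p1 XOR p2.
    return pn1 == pn2, xor(c1, c2) == xor(p1, p2)

if __name__ == "__main__":
    print("unpatched (nonce reused, plaintext XOR leaks):", run(False))
    print("patched   (nonce reused, plaintext XOR leaks):", run(True))
```
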
On November 1, 2017, the researchers will give an updated talk with further details on the KRACK attack at the Computer and Communications Security (CCS) conference. In a first statement, the Wi-Fi Alliance asserts that there is so far no evidence that the vulnerabilities have been exploited. Several network equipment manufacturers have already announced patches. These can close the KRACK gap, the researchers assure. Heise Security is in contact with various vendors and will report.
Until patches are available, one must assume that third parties can read along. When transferring personal information, you should ensure that additional encryption such as HTTPS is used. Alternatively, using a VPN can help. Disabling WLAN is also effective, but generally not practical.

(of)

        
