
WPA 2 security protocol may have been cracked


Security researchers may have discovered severe vulnerabilities in the Wi-Fi Protected Access II (WPA2) protocol that protects the majority of Wi-Fi connections around the world. If the encryption really has been cracked, it could allow hackers within wireless range of a network to eavesdrop on traffic, perform malicious injection, and more.
The proof-of-concept attack is called KRACK (Key Reinstallation Attacks). It’s thought that the site Krackattacks.com will disclose the vulnerabilities at 8AM EST / 5AM PST / 2PM CEST / 5:30PM IST on Monday. The flaws will also be the subject of a talk titled Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2, which is set to take place at the Conference on Computer and Communication Security on November 1 and will be presented by security researchers including Mathy Vanhoef and Frank Piessens.
The Krack attacks website still isn’t live, but according to its source code: “This website presents the Key Reinstallation Attack (KRACK). It breaks the WPA2 protocol by forcing nonce reuse in encryption algorithms used by Wi-Fi.”
The United States Computer Emergency Readiness Team has issued the following warning
Ars Technica goes into more detail: “it [the attack] works by exploiting a four-way handshake that’s used to establish a key for encrypting traffic. During the third step, the key can be resent multiple times. When it’s resent in certain ways, a cryptographic nonce can be reused in a way that completely undermines the encryption.”
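The nonce reuse described in the quote above, modelled as an added example (not code from the researchers or from Ars Technica): a toy counter-mode stream cipher built from HMAC-SHA256 stands in for the real Wi-Fi cipher, and the `Client` class, its `handle_msg3` method and all sample values are hypothetical. It shows that when re-processing the third handshake message resets the packet counter, two frames are encrypted with the same keystream, so the XOR of the ciphertexts equals the XOR of the plaintexts, and that ignoring a repeat of the key already in use prevents this.

```python
import hashlib
import hmac

def keystream(key, nonce, length):
    """Toy counter-mode keystream; HMAC-SHA256 is a stand-in, not Wi-Fi's cipher."""
    out, block = b"", 0
    while len(out) < length:
        msg = nonce.to_bytes(8, "big") + block.to_bytes(4, "big")
        out += hmac.new(key, msg, hashlib.sha256).digest()
        block += 1
    return out[:length]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

class Client:
    """Hypothetical station: installing a key resets the packet counter (nonce)."""
    def __init__(self, refuse_reinstall):
        self.refuse_reinstall = refuse_reinstall
        self.key, self.counter = None, 0
        self.used = set()  # (key, nonce) pairs already used to encrypt

    def handle_msg3(self, key):
        # Hardened behaviour: a repeat of message 3 carrying the key that is
        # already installed must not reset the counter.
        if self.refuse_reinstall and key == self.key:
            return
        self.key, self.counter = key, 0

    def send(self, plaintext):
        self.counter += 1
        pair = (self.key, self.counter)
        reused = pair in self.used
        self.used.add(pair)
        return xor(plaintext, keystream(self.key, self.counter, len(plaintext))), reused

def run(refuse_reinstall):
    key = b"constructed-session-key"            # constructed sample value
    p1, p2 = b"constructed frame one", b"constructed frame two"
    client = Client(refuse_reinstall)
    client.handle_msg3(key)                     # step 3 of the handshake
    c1, _ = client.send(p1)
    client.handle_msg3(key)                     # step 3 received again
    c2, reused = client.send(p2)
    # Under a reused nonce the keystream cancels out: c1 XOR c2 == p1 XOR p2.
    return reused, xor(c1, c2) == xor(p1, p2)

if __name__ == "__main__":
    print("vulnerable:", run(False))
    print("hardened:  ", run(True))
```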
The researchers also suggested in a 2016 paper that the random number generator used to create 802.11 group keys is flawed by design and can be predicted.
Major wireless vendors may already be working on patches, but how long they’ll take to roll out is unclear. Some devices, such as certain IoT products, may never get patched. If you’re particularly concerned, using a (reliable) VPN is recommended.
