Febrero 20, 2018

Your Password-Protected Wi-Fi Isn't Safe From Snooping

16 Octubre 2017, 07:50 | Benedicto Grullon

Security flaw endangers almost every WiFi device to hacking!

Google WiFi Rooter

More specifically, a vulnerability in the Wi-Fi Protected Access II (WPA2) security protocol allows an attacker to bypass the encryption, read sensitive information, and even inject and manipulate the data being transported over the previously "secure" connection. Due to a flaw in the design of the protocol itself-not a specific vendor implementation-attackers can capture part of the handshake message, and use modified versions of that to trick devices into installing a blank encryption key, a process called "key reinstallation attacks", or KRACKs by Vanhoef.

Over the weekend, reports revealed that security researchers found a way to decrypt the WPA 2 Wi-Fi security protocol, and on Monday the secrets behind the KRACK hack, short for Key Reinstallation Attacks, were revealed.

On the site, Vanhoef published a proof-of-concept video in which he demonstrates reading a username and password sent using an Android device.

"If your device supports Wi-Fi, it is most likely affected."

KRACK makes the prospect of using any WiFi network sound like a horribly bad idea, but there is some hope for a more secure wireless future.

While Windows and Apple IOS devices are not vulnerable to the four-way handshake attack, they are vulnerable to the group key handshake attack and the Fast BSS attack. Note that as protocol-level issues, most or all correct implementations of the standard will be affected.

According to the Wi-Fi Alliance, the organization that certifies Wi-Fi devices, "There is no evidence that the vulnerability has been exploited maliciously, and Wi-Fi Alliance has taken immediate steps to ensure users can continue to count on Wi-Fi to deliver strong security protections". But then, the Android is infamous for its weak security, with developers issuing software updates and security patches at a very slow speed like it's none of their concern.

The vulnerability has to do with the four-way handshake between a client and an access point - your smartphone and your router for instance.

On their website, the researchers said they notified vendors of the products they tested on July 14.

If it's possible, connect your computer directly to the router with an ethernet cable and install any updates that the router may require.

By taking advantage of these vulnerabilities, hackers can eavesdrop on the transmission of data, potentially reading that information even if it was encrypted.

"It is likely that some products, particularly Android smartphones, and Wi-Fi routers, will never be fixed".

Tristan Liverpool, Director of Systems Engineering at F5 Networks, said: "This major public vulnerability can affect any Wi-Fi network, including home, office and public connections". Changing your Wi-Fi password won't help, but you can look for other security protocols or find a reliable VPN. The attacker must be within range of the Wi-Fi network to exploit it. People also need to be aware of subtle differences to keep their connections safe such as paying attention to the URL.

Alex Hudson, a security researcher, said on his website that the only answer for some Android devices was to switch off the WiFi function completely.

"The attack works against all modern protected Wi-Fi networks".

Otras noticias

Tendencias Ahora

S Korean Activists Float Anti-North Korean Leaflets Denouncing Provocations
South Korea's military has acquired all technologies necessary to build the bombs at any time, Yonhap news agency reports . In May the ministry said North Korea had hacked into Seoul's military intranet but did not say what had been leaked.

Astros beat Yankees in MLB's ALCS opener
After all, Houstonians have a few solid cannoli options, but good luck finding a decent kolache north of the Red River. The Yankees advanced to the ALCS by beating the Cleveland Indians in a best-of-five after losing the first two games.

Giants CB Dominique Rodgers-Cromartie returns to team facility
ESPN reported that the Giants plan to welcome Rodgers-Cromartie back "with a clean slate once he has served his punishment". He also left a recovery session early Friday, another reason McAdoo felt prompted to talk to Rodgers-Cromartie Tuesday.

Tony Coton: 'Liverpool match will test Manchester United's title chances'
Yet they might not be able to, because beating teams like Burnley requires a different formula than winning the 'big' games. I still believe that if we had scored those goals then we would have those matches and nobody would talk about our defence.

Walmart: New HQ Could Cost Up to A Billion
Walmart also expects to open less than 15 supercenters and less than 10 Neighborhood Markets in the coming fiscal year. As more resources go to its web operations, Wal-Mart has significantly slowed down its pace of new store development.

VOTE: Should the Red Sox Fire John Farrell?
Encarnacion batted.258 with 38 home runs and 107 RBIs in his first season with the Indians this year. They were a combined 3-for-33, 3-for-30 out of the top three spots. "Fine, I felt good", Sale said.

Honor launches WaterPlay waterproof tablet with 10.1-inch display and 6660mAh battery
Apart from that, there is a standard Micro-USB port, a top-mounted 3.5 mm audio jack and a fingerprint scanner on the back. And today, Huawei has launched another mid-range smartphone called the Honor 6C Pro in Russian Federation .

How Michigan State exposed Michigan's offensive problems in upset
The Wolverines wilted after that as Eddie McDoom dropped a pass and they had to back up 5 yards due to a delay-of-game penalty. Overall, the upsets this weekend prove one thing: You can not underestimate any team in college football.

Korean firms ask govt. to approve visit to Kaesong complex
One of the deal's diplomat-architects, Wendy Sherman, argued North Korea would conclude it is futile to talk to Washington . She added, "We've seen success on the issue of North Korea, as we've been moving toward our peaceful pressure campaign".

Red Sox Postseason Push
The Astros blasted three homers off Sale, tagged him for seven runs, and the Sox ace never gave his team a chance in an 8-2 loss. The Red Sox were slaughtered at Minute Maid Park and did not even look like they belonged on the same field as the Astros .