  1.    4 Weeks Ago #1
    Join Date : Feb 2016
    Maribor, Slovenia
    Posts : 8,897
    Windows 10 (Pro and Insider Pro)

    New paper reveals serious weaknesses discovered in WPA2 protocol


    INTRODUCTION

    We discovered serious weaknesses in WPA2, a protocol that secures all modern protected Wi-Fi networks. An attacker within range of a victim can exploit these weaknesses using key reinstallation attacks (KRACKs). Concretely, attackers can use this novel attack technique to read information that was previously assumed to be safely encrypted. This can be abused to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos, and so on. The attack works against all modern protected Wi-Fi networks. Depending on the network configuration, it is also possible to inject and manipulate data. For example, an attacker might be able to inject ransomware or other malware into websites.

    The weaknesses are in the Wi-Fi standard itself, and not in individual products or implementations. Therefore, any correct implementation of WPA2 is likely affected. To prevent the attack, users must update affected products as soon as security updates become available. Note that if your device supports Wi-Fi, it is most likely affected. During our initial research, we discovered ourselves that Android, Linux, Apple, Windows, OpenBSD, MediaTek, Linksys, and others, are all affected by some variant of the attacks. For more information about specific products, consult the database of CERT/CC, or contact your vendor.

    The research behind the attack will be presented at the Computer and Communications Security (CCS) conference, and at the Black Hat Europe conference. Our detailed research paper can already be downloaded.

    DEMONSTRATION

    As a proof-of-concept we executed a key reinstallation attack against an Android smartphone. In this demonstration, the attacker is able to decrypt all data that the victim transmits. For an attacker this is easy to accomplish, because our key reinstallation attack is exceptionally devastating against Linux and Android 6.0 or higher. This is because Android and Linux can be tricked into (re)installing an all-zero encryption key (see below for more info). When attacking other devices, it is harder to decrypt all packets, although a large number of packets can nevertheless be decrypted. In any case, the following demonstration highlights the type of information that an attacker can obtain when performing key reinstallation attacks against protected Wi-Fi networks:


    Read more: KRACK Attacks: Breaking WPA2

    Microsoft will be first to release patch: www.neowin.net | microsoft-already-has-a-fix-for-the-wpa2-vulnerability
    Last edited by AndreTen; 4 Weeks Ago at 11:28.
  2.    4 Weeks Ago #2
    Join Date : Nov 2013
    Chicagoland
    Posts : 33,778
    Dual boot Windows 10 FCU Pro x 64 & Insider 10 Pro

    Thanks for the heads up on that @AndreTen.
  3.    4 Weeks Ago #3
    Join Date : Feb 2016
    Maribor, Slovenia
    Posts : 8,897
    Windows 10 (Pro and Insider Pro)
    Thread Starter

    Quote Originally Posted by HippsieGypsie View Post
    Thanks for the heads up on that @AndreTen.
    Just be prepared to update router and card firmware when the updates show up.
  4.    4 Weeks Ago #4
    Join Date : Dec 2015
    Posts : 5,896
    Windows10

    Quote Originally Posted by AndreTen View Post
    Mathy Vanhoef of imec-DistriNet, KU Leuven discovered serious weaknesses in WPA2 protocol and posted an article about it on www.krackattacks.com.

    All modern Wi-Fi networks are vulnerable to this attack. At the time, it isn't clear how to prevent it

    This is so serious I posted a news here in News section. Mods, please transfer it somewhere else if necessary.
    Actually, we get loads of these scares.

    To me, it is irresponsible journalism to publicise it in such a manner, as it becomes a self fulfilling prophecy.

    A couple of years ago, one of new UK newspapers publicised "new flash mob craze" concerning the authorities. As a result, flash mobs exploded in number!

    There is no evidence as far as I can tell, the weakness has been hacked yet, but now the hackers know, and know where to look......

    A more responsible article would say "Experts have identified a weakness and whilst we cannot provide details for security purposes, we have let appropriate authorities know. In meantime we recommend you do X,Y,Z etc."

    Of course, journalists never care about the fallout from their articles, so long as they sell papers, or get advertising revenue from extra clicks etc.

    This is one of those stories that is going to get blown out of all proportion.
  5.    4 Weeks Ago #5
    Join Date : Feb 2016
    Maribor, Slovenia
    Posts : 8,897
    Windows 10 (Pro and Insider Pro)
    Thread Starter

    Quote Originally Posted by cereberus View Post
    Actually, we get loads of these scares.

    To me, it is irresponsible journalism to publicise it in such a manner, as it becomes a self fulfilling prophecy.

    A couple of years ago, one of new UK newspapers publicised "new flash mob craze" concerning the authorities. As a result, flash mobs exploded in number!

    There is no evidence as far as I can tell, the weakness has been hacked yet, but now the hackers know, and know where to look......

    A more responsible article would say "Experts have identified a weakness and whilst we cannot provide details for security purposes, we have let appropriate authorities know. In meantime we recommend you do X,Y,Z etc."

    Of course, journalists never care about the fallout from their articles, so long as they sell papers, or get advertising revenue from extra clicks etc.

    This is one of those stories that is going to get blown out of all proportion.
    This is the author's own discovery... and he's hiding some crucial details for now, as far as I'm understanding it.

    There is no attack in the wild atm, so equipment manufacturers do have some time to develop solutions. And he is not selling new equipment, because new solutions are also affected by this (it's in the way protocol works at the time of signing into network)
  6.    4 Weeks Ago #6
    Join Date : Dec 2015
    Posts : 5,896
    Windows10

    Quote Originally Posted by AndreTen View Post
    This is the author's own discovery... and he's hiding some crucial details for now, as far as I'm understanding it.

    There is no attack in the wild atm, so equipment manufacturers do have some time to develop solutions. And he is not selling new equipment, because new solutions are also affected by this (it's in the way protocol works at the time of signing into network)
    So apart from creating a scare, why did he feel the need to publicise it now, rather than responsibly telling authorities?

    Was it altruism, or oh let me think - 's for article - LOL.
  7.    4 Weeks Ago #7
    Join Date : Feb 2016
    Maribor, Slovenia
    Posts : 8,897
    Windows 10 (Pro and Insider Pro)
    Thread Starter

    Quote Originally Posted by cereberus View Post
    So apart from creating a scare, why did he feel the need to publicise it now, rather than responsibly telling authorities?

    Was it altruism, or oh let me think - 's for article - LOL.
    Guessing is not productive here... But, there are good reasons I can imagine. (and what is wrong with $$$ - world is running on it).
    If he publishes a paper (it is research work), I guess he is an academic and publishing is part of his life (cruel too).

    It is good he revealed this vulnerability, no matter how much you or anybody else don't like it. Otherwise, once it's known (and someone would get to it), bad guy would find out and we won't...
  8.    4 Weeks Ago #8
    Join Date : Feb 2016
    Maribor, Slovenia
    Posts : 8,897
    Windows 10 (Pro and Insider Pro)
    Thread Starter

    Looks like first patches will be OS related.

    neowin.net | microsoft-already-has-a-fix-for-the-wpa2-vulnerability?
  9.    4 Weeks Ago #9
    Join Date : Oct 2013
    Posts : 25,194
    64-bit Windows 10 Pro build 17040
  10.    4 Weeks Ago #10
    Join Date : Oct 2014
    Arnold, MD
    Posts : 28,966
    Triple boot - Win 10 Pro, Win 10 Pro Insider (2) - (and a sprinkling of VMs)

    Has anyone actually received any security KBs from MS yet today? I've checked, just did, and nothing.

    EDIT: It was included in the Oct 10th Security Patch Tuesday updates.
    Last edited by f14tomcat; 4 Weeks Ago at 13:01.

 