Major wifi vulnerability could affect all devices

Boyd

Super Moderator
Staff member
Moderator
Jul 31, 2004
7,482
1,471
1,093
Ben's Branch, Stephen Creek
https://arstechnica.com/information-technology/2017/10/severe-flaw-in-wpa2-protocol-leaves-wi-fi-traffic-open-to-eavesdropping/

Researchers have disclosed a serious weakness in the WPA2 protocol that allows attackers within range of vulnerable device or access point to intercept passwords, e-mails, and other data presumed to be encrypted, and in some cases, to inject ransomware or other malicious content into a website a client is visiting.

https://arstechnica.com/information-technology/2017/10/how-the-krack-attack-destroys-nearly-all-wi-fi-security/

"...our attack is exceptionally devastating against Android 6.0: it forces the client into using a predictable all-zero encryption key." While Windows and iOS devices are immune to one flavor of the attack, they are susceptible to others. And all major operating systems are vulnerable to at least one form of the KRACK attack.

https://www.macrumors.com/2017/10/16/wpa2-krack-attacks/

Fortunately, the vulnerabilities can be patched, and in a backwards-compatible manner. In other words, a patched client like a smartphone can still communicate with an un-patched access point like a router. [ . . . ] It is now up to device and router manufacturers to release any necessary security or firmware updates.