WiFi WPA2 broken in new attack - all "WPA2 secured WiFi" are now vulnerable

in cybersecurity •  11 months ago

WPA2 which is perhaps the main security method used to protect WiFi has been shown to be vulnerable to a newly discovered attack called "Key Reinstallation". This attack exploits nonce reuse and the article claims it "works against all modern protected WIFI. Any data transmitted over WIFI can now be decrypted which may even include login data so it is important to take serious precaution.

Because this is a very major attack I encourage everyone and anyone to share this news either by sharing my post or by making a duplicate post on your own blog to announce this. This needs to be known in the crypto community because money may be at stake.

Some technical details on the attack:

Our main attack is against the 4-way handshake of the WPA2 protocol. This handshake is executed when a client wants to join a protected Wi-Fi network, and is used to confirm that both the client and access point possess the correct credentials (e.g. the pre-shared password of the network). At the same time, the 4-way handshake also negotiates a fresh encryption key that will be used to encrypt all subsequent traffic. Currently, all modern protected Wi-Fi networks use the 4-way handshake. This implies all these networks are affected by (some variant of) our attack. For instance, the attack works against personal and enterprise Wi-Fi networks, against the older WPA and the latest WPA2 standard, and even against networks that only use AES. All our attacks against WPA2 use a novel technique called a key reinstallation attack (KRACK):

References

  1. https://www.krackattacks.com/
Authors get paid when people like you upvote their post.
If you enjoyed what you read here, create your account today and start earning FREE STEEM!
Sort Order:  

Thanks a lot for sharing such an urgent news. It will touch most of us and tools such as the ALPHA SHIELD might have to become mandatory then, I guess?!?

Upvoted, resteemed and shared. Namaste :)

·

Namasete , you can count on K7 ultimate security to trace your bit by bit connections

Does using a VPN give any level of protection against this vulnerability?

·

I am not entirely certain but I suspect it can depending on how it's set up. If your WiFi is broken they could probably still capture a lot of information but the actual risk is unknown because I don't know how many might be exploiting this or have enough details yet to know how practical it is.

So mobile app (phone/tablets) btc wallets are no longer secure on our own wpa2 network?

Or only for pc?

·

Everything is broken which uses WPA2 until it is patched. I'm not sure how far reaching it will be but now the attack is made public.

·
·

Ok thanks!

I will wait a few days or so before sending crypto...

Resteem...

Well, this sounds scary. I'm not sure what to do about it. Thanks for informing us though. I will watch for patches or something from my providers? I don't know.

·

When I have more information I will post more on this. For now be careful using WiFi and assume it is unsafe for anything important.

·
·

That will be hard seeing as everything I have is on wifi mostly. Thanks for the alert and I look forward to more from you.

On a practical level, not sure what this means - everything I do is wi-fi. Whatever will I do now?

Stop all the clocks, cut off the telephone,
Prevent the dog from barking with a juicy bone,
Silence the pianos and with muffled drum
Bring out the coffin, let the mourners come.

Thanks for this important information. upvoted and resteemed!

Scary... Hope my neighbor know nothing about this LOL... Guess we should keep to minimal the important info we use through wifi...

Has anyone tried this? I'm heading to read the article right now and see how to hack my own router.

Hi when is this published? what can we do to patch it?

u can hardline all of your devices with cat6 cable to the router, even your mobiles, as long as they support usb otg, just get a usb otg adapter that fits through your phone case, and a usb to cat6 female adapter for 15 bucks and stock up on multiple lengths of cat 6, very cheap on amazon...

unless and until the routers going to support old wpa technology ,this cyber attacks will happen again and again. Bestly known as Deauth-Attack.wpa are not strong but they provide stability.

Better change our security methods, or upgrade our data plans! Thanks for sharing, maybe average folks can figure out how to log in to their routers and change the security protocol.

Great post @dana-edwards

I loved the post , and a short post for you guys to prevent yourself from hacking, here https://steemit.com/cybersecurity/@vishalsingh4997/wifi-wpa2-broken-in-new-attack-all-wpa2-secured-wifi-are-now-vulnerable-bitcoin-hack-real-truth
Thanks @dana-edwards for letting us updated

Thanks. It's critical that this information gets out to the broadest segment of the public as soon as possible. I wonder if the Wifi Alliance even has an active bug bounty program? If not, it should get a vigorous one up and running ASAP.

This is extremely informative and alarming! Thanks for sharing!

The same can't be said about other networked protocols; their security is highly variable. Obviously HTTP is extra screwed now.

The most screwed thing, though, is private networks such as the one in most homes. They are no longer private until patched. Better start by turning off password-less file sharing and hope for the best...

You rock for sharing such a critical news. It will touch a large portion of us and devices, for example, the ALPHA SHIELD may need to end up noticeably compulsory at that point, I presume?!?

Upvoted, resteemed and shared. Namaste :)@abdullatifphadia

Nice post

Kindly upvote my other posts

Kindly follow and upvote my other post

This is way over my head and wish to have a better explanation. Just a noob when it comes to computers.

Thanks. It's critical that this information gets out to the broadest segment of the public as soon as possible. I wonder if the Wifi Alliance even has an active bug bounty program? If not, it should get a vigorous one up and running ASAP.