techrevu Logo with link to Main Page  
KRACKs And ROCA Security Protocol Vulnerabilities: Routers At Risk by Dainius Prakapavičius
Review by Charles Mohapel
CUJO, BuzzFeed News, The Verge.com, MacRumors.com News  ISBN/ITEM#: CM171017ATTACK
Date: 17 October 2017

Links: CUJO Blog Entry / BuzzFeed News Article / The Verge Article / MacRumors.com Article /

If you thought WPA2 (Wi-Fi Protected Access II) provided you with secure Wi-Fi encryption, it was for roughly 13 years, but due to a recently discovered critical vulnerability in the WPA2 protocol called KRACKs (Key Reinstallation Attacks), MOST modern Wi-Fi networks are vulnerable to this attack.  And if you're arrogant enough to think that you're protected because you're running a Mac OS or some flavor of Linux, you're in for a VERY rude awakening.  As of this moment, only Windows users who applied the updates of October 10th, 2017 are protected.

WPA2 (Wi-Fi Protected Access II) was considered to be a secure Wi-Fi encryption suite for around 13 years. It became an industry and home standard. As recent history tells us, there is nothing 100% hack-proof.

Very recently a research group has detected a critical vulnerability in the WPA2 protocol called KRACKs (Key Reinstallation Attacks).  It should be stressed that *most* of modern Wi-Fi networks are vulnerable to this attack.

How severe could it be?  The vulnerability could be critical. Personal data such as credit card information, passwords or your activities online could be at risk.

"During our initial research, we discovered ourselves that Android, Linux, Apple, Windows, OpenBSD, MediaTek, Linksys, and others, are all affected by some variant of the attacks", -- notes Mathy Vanhoef, a researcher who discovered the vulnerability.

As the proof-of-concept demo below shows, various operating systems could be deceived to use a known (i.e., not secret) encryption key.  That could be used to decrypt your internet traffic, including sensitive information.  Although the fact that most of the sensitive data is transferred via a safe and encrypted HTTPS is soothing, there is plenty of information (especially coming from the IoT devices) that could be extracted from the unencrypted traffic.

Return to Index


We're interested in your feedback. Just fill out the form below and we'll add your comments as soon as we can look them over.
Name:
Email:
Comments
Loading
© 2002-2017TechRevu

advertising index / info
Our advertisers make TechRevu possible, and your consideration is appreciated.

Our Other Pubs:

Do You SFRevu? Thousands of Intelligent Beings Do Every Month

Gumshoe Review - a literary investigation.

  © 2002-2017TechRevu