Password, you said? Wi-Fi is still unsafe

Wi-Fi router
Protocol-level security flaws in WPA2 may affect ALL Wi-Fi devices!
Author

18 October, 2017

Researchers this week published information about a newfound, serious weakness in WPA2 - the security standard that protects all modern Wi-Fi networks.

Belgian researcher Mathy Vanhoef revealed in a paper, titled "Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2", that if a certain step of the WPA2 protocol was repeated, it would cause the network to reuse what should be a one-time encryption key to encode the data stream.

As Gizmodo wrote, hackers need to be on the same Wi-Fi network as you to exploit this WPA2 flaw.

Android 6.0 and above, along with many Linux variants, use a newer version of the wpa_supplicant application that is the vector for this variation of the attack. This could involve passwords, credit card numbers, photos and messages sent over a network to be stolen, or cyber attacks to be inserted into the traffic. Researchers have noted that Android- and Linux-based devices are particularly vulnerable, and as many as 50% of Android devices are particularly susceptible.

The Wi-Fi Alliance, an industry group that represents hundreds of Wi-Fi technology companies, said the issue "could be resolved through a straightforward software update". This fix was installed via a cumulative update that included over 25 other updates, but didn't provide any useful info until you visited the associated knowledge basic article.

"Depending on the network configuration, it is also possible to inject and manipulate data", the researchers continued.

Turkey will Boycott Meetings with the US Ambassador
But the State Department said that Bass had been operating with the full authority of the U.S. government. Bass is due to leave Turkey later this week for a new assignment in Afghanistan.

These Pictures Taken on the Pixel 2 Look Stunning
The Google Pixel 2 is slated to launch in India on November 1 whereas the Pixel 2 XLwill be available from November 15. All four phones can be unlocked with fingerprint scans, while the Galaxy S8 line can scan a user's face or eyes.

Boston Red Sox ALDS Game 3 preview and predictions
Everyone counted them out in 2004 when they were down three games to none to the Yankees, but they were still able to come back. He ended the at-bat with a 91-mph four-seamer over the heart of the plate that Correa demolished 419 feet for a two-run homer.

Also, the public announcement about this security weakness was held for weeks in order to give Wi-Fi hardware vendors a chance to produce security updates. Any device that is connected to a Wi-Fi network is at risk for an attack if the hacker is within range of the victim.

Make sure all your devices are updated and update the firmware of your router.

Manufacturers and vendors have promised updates that are already available or will be soon.

As I've previously written, the padlock indicates that traffic to and from a site is encrypted - via the HTTPS protocol- which basically means no one but that site can read any sensitive information you share. "Users can expect all their Wi-Fi devices, whether patched or unpatched, to continue working well together".

Unfortunately, changing your passwords won't help this time around.


More news