Severe flaw in WPA2 protocol leaves Wi-Fi traffic open to eavesdropping

Discussion in 'other security issues & news' started by BoerenkoolMetWorst, Oct 16, 2017.

  1. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    https://arstechnica.com/information...l-leaves-wi-fi-traffic-open-to-eavesdropping/
     
  2. VecchioScarpone

    VecchioScarpone Registered Member

  3. Minimalist

    Minimalist Registered Member

    Yes, but for most users that's a big IF. Personally I will use a VPN whenever I use WiFi just to be sure.
     
  4. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Site and paper are online:
    https://www.krackattacks.com/

    Client devices are also vulnerable, not just routers/modems:

    That's a statement from MikroTik; if both your devices are from MikroTik, it looks like they're covered. You should still patch clients.
     
  5. guest

    guest Guest

  6. reasonablePrivacy

    reasonablePrivacy Registered Member

  7. Fly

    Fly Registered Member

    You folks beat me to it.

    I was about to post. 'krackattacks.com'
    To think that so many people rely on wireless these days. Even me.

    Is there going to be a WPA3?
     
  8. hawki

    hawki Registered Member

    "Introduction...

    The weaknesses are in the Wi-Fi standard itself, and not in individual products or implementations. Therefore, any correct implementation of WPA2 is likely affected..."

    https://www.krackattacks.com/
     
  9. itman

    itman Registered Member

  10. itman

    itman Registered Member

    A couple other points about this attack. As such, public Wi-Fi users are the ones vulnerable:
    https://www.bleepingcomputer.com/news/security/new-krack-attack-breaks-wpa2-wifi-protocol/
     
  11. hawki

    hawki Registered Member

    " 'All wifi networks' are vulnerable to hacking, security expert discovers...

    Different devices and operating systems are impacted to differing degrees based on how they implement the WPA2 protocol. Among the worst hit are Android 6.0 (Marshmallow) and Linux, due to a further bug that results in the encryption key being rewritten to all-zeros; iOS and Windows, meanwhile, are among the most secure, since they don’t fully implement the WPA2 protocol. No tested device or piece of software was fully immune to the weakness, however..."

    https://www.theguardian.com/technol...curity-vulnerable-hacking-us-government-warns
     
  12. xxJackxx

    xxJackxx Registered Member

  13. guest

    guest Guest

    After applying patches, the attack is prevented:
     
  14. hawki

    hawki Registered Member

  15. hawki

    hawki Registered Member

    OK so I'm confused o_O

    Client-side, if I am using a third-party WiFi card, does a patch need to be applied to the WiFi card or the WIN OS?

    FS: Four Hi-Gain WiFi Router Antennas :)
     
  16. hawki

    hawki Registered Member

    "Microsoft has already fixed the Wi-Fi attack vulnerability...

    Microsoft says it has already fixed the problem for customers running supported versions of Windows. 'We have released a security update to address this issue,' says a Microsoft spokesperson in a statement to The Verge. 'Customers who apply the update, or have automatic updates enabled, will be protected. We continue to encourage customers to turn on automatic updates to help ensure they are protected.' Microsoft is planning to publish details of the update later today..."

    https://www.theverge.com/2017/10/16/16481818/wi-fi-attack-response-security-patches
     
  17. reasonablePrivacy

    reasonablePrivacy Registered Member

    In OpenBSD the vuln was found and patched in the WiFi stack, not in the device drivers.
    It suggests that in Windows this should probably be the same: patch to Windows primarily.
     
  18. RockLobster

    RockLobster Registered Member

    This is gonna be worse than WEP because Android phone users are unable to apply updates.
     
  19. xxJackxx

    xxJackxx Registered Member

    I see all over the internet they have claimed to have fixed it. Doesn't count until they release said fix. :isay:
     
  20. xxJackxx

    xxJackxx Registered Member

    I hate to even consider going Apple, but if my phone doesn't get updated it could turn into a very likely possibility.
     
  21. hawki

    hawki Registered Member

    Thanks @reasonablePrivacy :)
     
  22. JRViejo

    JRViejo Super Moderator

     
  23. hawki

    hawki Registered Member

  24. VecchioScarpone

    VecchioScarpone Registered Member

    Thanks to all of you that posted above. :thumb:
     
  25. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    The November 6 security patch level released for Android should fix it. If you're lucky enough to receive updates...
     