New Wi-fi security flaw 'puts devices at risk of hacks'

[6pack]

Source: BBC News

It concerns an authentication system which is widely used to secure wireless connections.

Experts said it could leave "the majority" of connections at risk until they are patched.

The researchers added the attack method was "exceptionally devastating" for Android 6.0 or above and Linux.

The vulnerability was discovered by researchers led by Mathy Vanhoef, from Belgian university, KU Leuven.

According to his paper, the issue centres around a system of random number generation known as nonce (a number that can only be used once), which can in fact be reused to allow an attacker to enter a network and snoop on the data being sent in it.

Prof Alan Woodward explained the issue to the BBC.

When any device uses wi-fi to connect to, say, a router it does what is known as a "handshake": it goes through a four-step dialogue, whereby the two devices agree a key to use to secure the data being passed (a "session key").

This attack begins by tricking a victim into reinstalling the live key by replaying a modified version of the original handshake. In doing this a number of important set-up values can be reset which can, for example, render certain elements of the encryption much weaker.

This attacks appears to work on all wi-fis tested - prior to the patches currently being issued.

 

[nimod]

if this report about WEP?

 

[6pack]

yes. its about wep/wep2 etc.

 

[vivek.krishnan]

yes. its about wep/wep2 etc.

Nopes, its about WPA/WPA2.

 

[meetdilip]

And, they say it cannot be hacked.

 

[nimod]

yes. its about wep/wep2 etc.

Nopes, its about WPA/WPA2.

Please provide link to technical detail.
The description looks too much like WEP vulnerability.[DOUBLEPOST=1508669016][/DOUBLEPOST]found: www.krackattacks.com/

 

[vivek.krishnan]

Please provide link to technical detail.
The description looks too much like WEP vulnerability.[DOUBLEPOST=1508669016][/DOUBLEPOST]found: www.krackattacks.com/

Sorry, but guess you found the link!

You need to ensure that any WiFi devices which are not routers or APs, need to get updated, this included wifi repeaters as well.[DOUBLEPOST=1508682889][/DOUBLEPOST]

And, they say it cannot be hacked.

That is an incorrect presumption. WPA2 is more difficult to attack than WEP, which could be easily attacked in minutes, if not seconds.

Earlier you had the WPS attack as well