It looks like you're using an Ad Blocker.

Please white-list or disable AboveTopSecret.com in your ad-blocking tool.

Thank you.

 

Some features of ATS will be disabled while you continue to use an ad-blocker.

 

WPA2 protocol used by vast majority of wifi connections has been broken by Belgian researchers

page: 1
13
<<   2  3 >>

log in

join
share:

posted on Oct, 16 2017 @ 08:40 AM
link   

The security protocol used to protect the vast majority of wifi connections has been broken, potentially exposing wireless internet traffic to malicious eavesdroppers and attacks, according to the researcher who discovered the weakness.

Mathy Vanhoef, a security expert at Belgian university KU Leuven, discovered the weakness in the wireless security protocol WPA2, and published details of the flaw on Monday morning.

“Attackers can use this novel attack technique to read information that was previously assumed to be safely encrypted,” Vanhoef’s report said. “This can be abused to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos and so on.


www.theguardian.com...

Boom... Nearly ever WIFI Network around the world uses WPA2 because it was so secure.
Now the cats out of the bag...


Vanhoef emphasised that “the attack works against all modern protected wifi networks.


Going to be a interesting few days at the office me thinks!

Few specifics for those interested:

www.krackattacks.com...


edit on 16/10/17 by Agit8dChop because: (no reason given)




posted on Oct, 16 2017 @ 08:42 AM
link   
a reply to: Agit8dChop

Disable your WIFI. It is the only secure option atm.

Here is the complete explanation as of the author (very technical) : PDF



posted on Oct, 16 2017 @ 08:43 AM
link   
The cycle will continue, new security measures and new ways to beat them etc.

edit on -180002017-10-16T08:43:46-05:000000004631201746102017Mon, 16 Oct 2017 08:43:46 -0500 by Zcustosmorum because: (no reason given)



posted on Oct, 16 2017 @ 08:46 AM
link   
the first teaser about this finding was published on twitter end of August. 50 days to develop a patch to fix this, would that be sufficient?



posted on Oct, 16 2017 @ 08:49 AM
link   
Dang!

I just posted a question about this seconds ago!

You guys/gals are FAST!!!

The agency I work for accesses the financial information of over 30 million people and we just installed a WiFi system in our main office...and it’s open to the public!

There’s going to be some red faces in IT today!



posted on Oct, 16 2017 @ 08:50 AM
link   
a reply to: Agit8dChop

So if I have used online banking, and either my network of the banking system's network used WPA2, my information has been potentially compromised? Yippee!! Technology, supposed to make our lives more convenient... however it continues to prove to be a pain in the ass.



posted on Oct, 16 2017 @ 09:08 AM
link   
This was the dumbest video I have ever watched.

This has nothing to do with compromising WPA2. This is a security flaw in the actual device itself, not WP2 protocols.

I am honestly in disbelief that this was published as something ground breaking. We were spoofing networks as kids and I am 31 now. There is nothing in this video or the pdf that is of either interest or new information.




posted on Oct, 16 2017 @ 09:26 AM
link   
the actual paper can be assessed here

and more info here: www.krackattacks.com...

edit on 16-10-2017 by whismermill because: (no reason given)



posted on Oct, 16 2017 @ 09:27 AM
link   
a reply to: SR1TX

The weaknesses are in the Wi-Fi standard itself, and not in individual products or implementations.
The following CVE will be detailing this :
CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13084, CVE-2017-13086, CVE-2017-13087, and CVE-2017-13088.
As of now, they are only reserved.

CERT/CC Reports WPA2 Vulnerabilities


CERT Coordination Center (CERT/CC) has released information on Wi-Fi Protected Access II (WPA2) protocol vulnerabilities. Exploitation of these vulnerabilities could allow an attacker to take control of an affected system.
The vulnerabilities are in the WPA2 protocol, not within individual WPA2 implementations, which means that all WPA2 wireless networking may be affected. Mitigations include installing updates to affected products and hosts as they become available. US-CERT encourages users and administrators to review CERT/CC's VU #228519.



edit on 16-10-2017 by theultimatebelgianjoke because: Added text



posted on Oct, 16 2017 @ 09:35 AM
link   
Just a question...

I live out in the country and have a router and a repeater set up to cover all the buildings on my property.

I leave the WiFi open because my kids and grandkids, as many as there are, someone is always bringing a new device or gaming system.

I figure that since I am fairly isolated I would be able to see anyone coming towards the house to get into range of my wifi.

Am I wrong in thinking this way?



posted on Oct, 16 2017 @ 10:09 AM
link   
a reply to: Terminal1

I provide internet to customers like you.

You are not wrong in any way. You are actually far better off as anything within connecting distance of your Wi-Fi signal is also within shooting distance as well.




posted on Oct, 16 2017 @ 10:20 AM
link   
a reply to: Agit8dChop

Awesome, it's been a few years at this point since I've been able to crack most wifi networks.



posted on Oct, 16 2017 @ 10:50 AM
link   
That´s why i hate everything wireless.
The good thing is, because i hate it, WLan is never enabled, so i don´t have to be afraid.
Once again i am going right with handling the web as it is, the most insecure place on earth, where security is harder to find than co2 in space.

Once again my "tinfoil hat" wasn´t wrong!



posted on Oct, 16 2017 @ 11:08 AM
link   
so.......

How many years has the NSA had this hack?

Probably many years.



posted on Oct, 16 2017 @ 12:57 PM
link   
It's why our company laptops could only route (default route) through an IPSEC vpn tunnel. All of the traffic was encrypted back to the main office and then it went through Websense and an IDS/IPS before it ever went to the Internet. This introduced some additional latency for non office traffic but better safe than sorry. It means I did not have to worry about anything in between.

For the home user they have private VPN services if you want to pony up. Although you can get it free if you look around a small bit.



posted on Oct, 16 2017 @ 01:03 PM
link   
The ground breaking part is now everybody and their brother is going to be taking a shot at you.

But speaking of getting around SSL. Why doesn't ATS have SSL enabled? That is what I truly want to know. I mean, it's a business right. Cheap SSL keys can be purchased also.

I often wonder if ATS was approached by da gubbermint for rights to their SSL private key and monitoring them and this was their out "We won't encrypt if that means you keep your software off our servers". Dunno, but why is there no SSL on ATS???




originally posted by: SR1TX
This was the dumbest video I have ever watched.

This has nothing to do with compromising WPA2. This is a security flaw in the actual device itself, not WP2 protocols.

I am honestly in disbelief that this was published as something ground breaking. We were spoofing networks as kids and I am 31 now. There is nothing in this video or the pdf that is of either interest or new information.




posted on Oct, 16 2017 @ 03:43 PM
link   

originally posted by: Bhadhidar
Dang!

I just posted a question about this seconds ago!

You guys/gals are FAST!!!

The agency I work for accesses the financial information of over 30 million people and we just installed a WiFi system in our main office...and it’s open to the public!

There’s going to be some red faces in IT today!


Usually they keep the wi-fi network on separate private network from the corporate network.



posted on Oct, 16 2017 @ 04:08 PM
link   
a reply to: FamCore


So if I have used online banking, and either my network of the banking system's network used WPA2, my information has been potentially compromised? Yippee!! Technology, supposed to make our lives more convenient... however it continues to prove to be a pain in the ass.

There is no such thing as secure WiFi connections! All full of holes like a swiss cheese. If you have a neighbour that have resentment against you and is technically competent, it is possible to record automatically everything transiting on your WiFi for years using a high gain antenna... Hard disks are so massive now. And eventually crack your key(s) and go back in everything you done. Say thanks to NSA for all the "good" exploit everywhere.

Even wired network are not secure as they leak by EMI the transmitted content nearby, but the technical level required is normally out of reach of ordinary peoples.


edit on 16-10-2017 by Cofactor because: (no reason given)



posted on Oct, 16 2017 @ 04:36 PM
link   
a reply to: Terminal1


I figure that since I am fairly isolated I would be able to see anyone coming towards the house to get into range of my wifi.

Wrong assumption! Since you are fairly well isolated, reception of your signal is not degraded by hundreds of nearby WiFi masking your transmission. With a very high gain antenna and line of sight, even of scatter signal from top of electric pole, it is possible to connect at you from kilometers aways! I would bet that you installed your antennas with high elevation above ground and with high power to cover your domain, extremely usefull for long range interception.


edit on 16-10-2017 by Cofactor because: (no reason given)



posted on Oct, 16 2017 @ 04:41 PM
link   

originally posted by: Agit8dChop

The security protocol used to protect the vast majority of wifi connections has been broken, potentially exposing wireless internet traffic to malicious eavesdroppers and attacks, according to the researcher who discovered the weakness.

Mathy Vanhoef, a security expert at Belgian university KU Leuven, discovered the weakness in the wireless security protocol WPA2, and published details of the flaw on Monday morning.

“Attackers can use this novel attack technique to read information that was previously assumed to be safely encrypted,” Vanhoef’s report said. “This can be abused to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos and so on.


www.theguardian.com...

Boom... Nearly ever WIFI Network around the world uses WPA2 because it was so secure.
Now the cats out of the bag...


Vanhoef emphasised that “the attack works against all modern protected wifi networks.


Going to be a interesting few days at the office me thinks!

Few specifics for those interested:

www.krackattacks.com...



I guess at some point, just NOT trying to hack something will become vogue, right?

I mean it is ridiculous that it seems to be the goal of every single stinky pepperhat to just bust up the security of absolutely anything at all.

WHY???

Why does everything need to be broken? Why can't people who work out how to break things also work out how to fix them?

DAMN!!!





top topics



 
13
<<   2  3 >>

log in

join