
WPA2 is now insecure

Discussion in 'Security and Privacy' started by TonyT, 2017/10/16.

  1. 2017/10/16
    TonyT

    KRACK Attacks: Breaking WPA2

    Yesterday this researcher released a paper demonstrating a vulnerability in WPA2. While WPA2 is the most used and most secure method of wifi security, it has been proved to be vulnerable in the past by password guessing and man-in-the-middle attacks. On my Linux laptop I found my own WPA2 password in about 3 minutes by forcing others on my LAN to disconnect and then automatically reconnect to my fake access point and capturing the WPA password in clear text; it's a very strong password too!

    This new vulnerability affects ALL WPA2 secured wifi devices and networks because the attack exploits a vulnerability in the WPA2 protocol itself. Fortunately, the researchers will not release the scripts (commands) they used until WPA2 gets patched. Thus, there will likely be operating system updates soon enough to update wifi networking.

    The page above explains how the exploit works in fairly easy to understand language.
     
  2. 2017/10/16
    Bill

    The report states the vulnerability is in the WPA2 protocol itself. This means our WAPs (wireless access points - typically integrated in wireless routers) must receive necessary firmware updates too, in addition to every one of our wireless devices - such as smart TVs, Blu-ray players, cell phones that use wifi, and more. Not just our wireless computers.

    My advice is to use Ethernet (wired connections) whenever possible - especially for your critical computing tasks such as on-line banking and shopping. I also recommend accessing your router's admin menu and limiting the number of simultaneous connections allowed to the number of devices you have. You typically can do this by setting a finite range of available IP addresses. Use MAC filtering. This tells your router to only allow devices with specific MAC addresses to connect. The MAC address is (or should be) printed on a label on each device. Assigning a "static" address to each authorized device can further protect you.

    And avoid connecting to free "hotspots" such as Internet cafes, hotel and airport wireless systems when possible and for sure, don't do any Internet banking at those locations. There is no way to see if the administrators at those locations have made the necessary security upgrades.

    Except for going all Ethernet and disabling wifi completely, none of those steps are foolproof nor do they guarantee a bad guy cannot exploit this WPA2 vulnerability. But it sure will slow them down and, because most bad guys are lazy opportunists, these steps will hopefully cause them to exclaim "sour grapes" and move on to easier pickings.

    Oh, and BTW, it is not that WPA2 is "now" insecure. It seems this vulnerability has always been there - it is just a newly discovered vulnerability.
     
    Last edited: 2017/10/16
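
An added example, not part of Bill's post or the forum's content: a Python check of a router's DHCP lease table against the three measures in the post above (an address pool sized to the device count, a MAC allowlist, a fixed address per device). The lease lines follow dnsmasq's lease-file layout; every MAC, IP and hostname is constructed and the function names are hypothetical.

```python
import ipaddress

# Constructed inventory: authorized MAC -> static IP assigned on the router.
AUTHORIZED = {
    "a4:5e:60:11:22:33": "192.168.1.10",  # laptop
    "f0:18:98:44:55:66": "192.168.1.11",  # phone
    "00:1a:2b:77:88:99": "192.168.1.12",  # smart TV
}

# Constructed lease table, dnsmasq layout:
# <expiry> <mac> <ip> <hostname> <client-id>
LEASES = """\
1508198400 a4:5e:60:11:22:33 192.168.1.10 laptop *
1508198460 F0:18:98:44:55:66 192.168.1.23 phone *
1508198520 de:ad:be:ef:00:01 192.168.1.13 * *
"""

def parse_leases(text):
    """Yield (mac, ip) pairs, skipping blank or malformed lines."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3:
            continue
        try:
            ip = str(ipaddress.ip_address(fields[2]))
        except ValueError:
            continue
        yield fields[1].lower(), ip

def audit(leases_text, authorized, pool_start, pool_end):
    """Return findings as (kind, mac, detail) tuples."""
    findings = []
    first = int(ipaddress.ip_address(pool_start))
    last = int(ipaddress.ip_address(pool_end))
    pool_size = last - first + 1
    # The pool should hold no more addresses than there are known devices.
    if pool_size > len(authorized):
        findings.append(("pool_too_large", None,
                         f"{pool_size} addresses for {len(authorized)} devices"))
    for mac, ip in parse_leases(leases_text):
        if mac not in authorized:
            findings.append(("unknown_mac", mac, ip))   # not on the allowlist
        elif authorized[mac] != ip:
            findings.append(("wrong_ip", mac, ip))      # static mapping not applied
    return findings

if __name__ == "__main__":
    for finding in audit(LEASES, AUTHORIZED, "192.168.1.10", "192.168.1.30"):
        print(finding)
```

A device that configures its own address never appears in the lease table, so this audits the router's configuration rather than proving that no other device is on the network.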


  4. 2017/10/16
    TonyT
