WPA2 Wi-Fi Security Cracked [Video]

Several key vulnerabilities that have been discovered recently in the Wi-Fi standard put just about every router, smartphone and computer out there at risk of having users’ personal information intercepted, exposed and stolen.

Security researchers Mathy Vanhoef and Frank Piessens of KU Leuven University have been credited with finding the crucial flaws in the Wi-Fi standard itself and not specific products.

Dubbed “Key Reinstallation Attacks” and “Krack Attacks”, they let attackers eavesdrop on all traffic over public and private Wi-Fi networks, even those protected with the WPA2 encryption.

In response to these obviously dangerous exploits, The United States Computer Emergency Readiness Team issued the following warning:
US-CERT has become aware of several key management vulnerabilities in the 4-way handshake of the Wi-Fi Protected Access II (WPA2) security protocol. The impact of exploiting these vulnerabilities includes decryption, packet replay, TCP connection hijacking, HTTP content injection and others.
Note that as protocol-level issues, most or all correct implementations of the standard will be affected. The CERT/CC and the reporting researcher KU Leuven, will be publicly disclosing these vulnerabilities on 16 October 2017.

An attacker would make a carbon copy of a WPA2-protected Wi-Fi network, impersonate the MAC address and change the Wi-Fi channel. Taking advantage of a flaw in the handshake method, a device can be forced to bypass the original network and connect to the rogue one.

While Wi-Fi passwords or secret keys cannot be obtained using this method, hackers can still eavesdrop on traffic and, in some cases, force a connection to bypass HTTPS in order to expose usernames, passwords and other critical data.

 


blog comments powered by Disqus
Octofinder Blog Catalog