thezootsewt/ October 16, 2017/ Cyber Defense, Latest News/ 0 comments

Get your patch kits ready.  The details of a major security vulnerability were released today that could undermine wifi security as we know it.  The KRAK attack (Key Reinstallation Attack) utilizes a weakness in the WPA-2 protocol to recover the key used to encrypt traffic between a client and an access point.  The result, scary to say the least, is any traffic sent between a client and an access point using WPA-2 can be decrypted.  This basically renders a WPA-2 secured access point as vulnerable as an open access point that you might use on an airplane or coffee shop.  This is another great reason to use a VPN and secure protocols such as HTTPS, SSH, etc.

Here is a demo of the attack –

Bottom line – it is especially important to patch systems (phones, computers, refrigerators, or anything that possibly could connect via wifi) as soon as vendors release patches.

The specific details of each vulnerability should be published soon under the following CVEs:

Ars has a great writeup on the finer points of the hack, with some good details.  Well worth the read.

Leave a Comment

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>