SECURITY ALERT: WPA2 Cracked!

Tsutarja · Oct 16, 2017

https://www.mirror.co.uk/tech/hackers-crack-wi-fis-wpa2-11349768

Hackers have now officially cracked through the WPA2 standard of WiFi security! If you use wifi, then yes this affects you! WPA2 is the newest, and utmost standard when it comes to wireless security. As much as it pains me to say this, but please remain vigilant. At least until manufacturers issue patches to address the issue, any device connected to any network on the WPA2 standard is vulnerable to breach.

Sawsbuck · Oct 16, 2017

So I should just stop using the internet?

Tsutarja · Oct 16, 2017

TheUncreativeSawsbuckFan said:
So I should just stop using the internet?

No, and the kind of panic you're showing here is exactly what hackers are on the look for.

Here's a good website I found to keep up with what's going on:
https://www.krackattacks.com/

string555 · Oct 16, 2017

Well, it was only a matter of time. :/

Sawsbuck · Oct 16, 2017

Tsutarja said:
No, and the kind of panic you're showing here is exactly what hackers are on the look for.

Here's a good website I found to keep up with what's going on:
https://www.krackattacks.com/

I can't really help that I'm a little paranoid about this kinda stuff and that I'm always using the internet on an Android device (version 7.0)

Raffy98 · Oct 16, 2017

Obviously I'm a bit concerned since this is the newest standard and there is no way to stay safe for now.
I hope that security patches will be available as soon as possible. Guess I'll try to watch out for now.

Melody · Oct 16, 2017

TheUncreativeSawsbuckFan said:
I can't really help that I'm a little paranoid about this kinda stuff and that I'm always using the internet on an Android device (version 7.0)

Just keep calm for now and keep updating your devices to the latest version of software/firmware. This is why those updates are crucially important. Just keep calm and update Everything?

Unfortunately we as users can't mitigate this attack yet; but it's extremely unlikely that an average user will ever be attacked in this way. I could see this only ever being useful to an adversary trying to attack Payment/POS systems or possibly in a public WiFi setting where an adversary might attempt to phish or extort money from users by sniffing traffic.

Fortunately, this can be somewhat mitigated by using proper security. Strong HTTPS implementations that resist downgrade attacks and VPN configurations that are not vulnerable are viable ways to build more security into your transport layer and help resist attackers who may not be able to exploit those.

Sawsbuck · Oct 16, 2017

Melody said:
Just keep calm for now and keep updating your devices to the latest version of software/firmware. This is why those updates are crucially important. Just keep calm and update Everything?

Unfortunately we as users can't mitigate this attack yet; but it's extremely unlikely that an average user will ever be attacked in this way. I could see this only ever being useful to an adversary trying to attack Payment/POS systems or possibly in a public WiFi setting where an adversary might attempt to phish or extort money from users by sniffing traffic.

Fortunately, this can be somewhat mitigated by using proper security. Strong HTTPS implementations that resist downgrade attacks and VPN configurations that are not vulnerable are viable ways to build more security into your transport layer and help resist attackers who may not be able to exploit those.

Ok I will try to keep stuff updated

Guest123_x1 · Oct 16, 2017

Why is it EVERY SINGLE piece of technology has to have such severe security issues these days!? Seems like newer versions of software and hardware standards are becoming less and less secure every day (not to mention increasingly lower quality than past versions)!

I wish software (and hardware) was still made the way it was 20-25 years ago.

string555 · Oct 16, 2017

Melody said:
Just keep calm for now ...

WE'RE ALL GONNA DIE!!! :O

Otter Mii-kun said:
Why is it EVERY SINGLE piece of technology has to have such severe security issues these days!? Seems like newer versions of software and hardware standards are becoming less and less secure every day (not to mention increasingly lower quality than past versions)!

I wish software (and hardware) was still made the way it was 20-25 years ago.

I think the real problem is that there's more and more people attacking this stuff. I would argue that it IS actually more secure, but when you have more people hammering away at these measures, they tend to find the cracks in it faster.

At least I already found an update for my Ubuntu system, that was fast. :D

I warned my dad about this so hopefully he would get the people in the office at work to check for updates, but he didn't seem to understand the problem even though I warned him of what kind of info could be stolen. :/

Then I warned my mom later on, telling her she should check for updates on her computer. She said "I think I have it set to automatically update, but I'm not sure it really does anything" *facepalm* XD

colours · Oct 16, 2017

as this article points out, the exploit is certainly something to be aware of, but it's not really something to flip your shit over.

As such, you can protect yourself to a great extent by sticking with sites that have solid, proven HTTPS security. And of course, the attack won't work unless the attacker is nearby and can physically access your network.

The problem should be relatively easy to fix. A firmware change can force routers to require a dedicated certificate for each handshake, instead of relying on the one already generated. And, as the security researchers who discovered it say, "implementations can be patched in a backwards-compatible manner."

That means if you patch your Android device and not your router, you can still communicate and be safe, and vice-versa. Nevertheless, they also advise to patch all your devices as soon as security updates are available.

Zeffy · Oct 17, 2017

During one of the career talks I attended in uni, a security engineer outlined how it would be possible to crack through Wi-Fi security by replicating the access point's SSID. He did admit that what he said was all theoretical, but he emphasized that the possibility exists. I didn't think much of it at the time, but reading through this has been quite surreal for me.

On an unrelated note, someone filed a copyright claim on the YouTube video that demonstrated KRACKs and wanted monetize the video with ads lol

Dter ic · Oct 17, 2017

Otter Mii-kun said:
Why is it EVERY SINGLE piece of technology has to have such severe security issues these days!? Seems like newer versions of software and hardware standards are becoming less and less secure every day (not to mention increasingly lower quality than past versions)!

I wish software (and hardware) was still made the way it was 20-25 years ago.

This is not a new phenomenon, software/hardware comes out and sooner or later someone will find a weakness in it and exploit then and a fix comes out later.

I suspect what has been been a routine thing has just been made more aware to the general public because of the increased awareness around security.

colours said:
as this article points out, the exploit is certainly something to be aware of, but it's not really something to flip your **** over.

At least the variant affecting Android 6.0+ is a significant issue since it can decrypt secure HTTPS traffic. The issue is now down to whether you're fortunate to receive a security patch on your Android phone.

Mewtwolover · Oct 18, 2017

string555 said:
At least I already found an update for my Ubuntu system, that was fast. :D

That's just normal, wpasupplicant is so critical piece of software that vulnerabilities in it must be fixed asap. AFAIK there isn't even alternatives for it.

Leviathan · Oct 18, 2017

As a portion of this kind of hack relies on the proximity of a hacker to a target, I'm not too concerned. More reasons to not use public wifi hotspots either I suppose.

Urist McHemlock · Oct 18, 2017

WPA2 AES or WPA2 TKIP?

Tsutarja · Oct 18, 2017

LeviathanX said:
More reasons to not use public wifi hotspots either I suppose.

This is where a VPN comes in handy as well, to be honest.

Dter ic · Oct 20, 2017

Urist McHemlock said:
WPA2 AES or WPA2 TKIP?

Works with all ciphers though it's worse for TKIP as with krack you can spoof traffic in the compramised network. source

SECURITY ALERT: WPA2 Cracked!

More options

Tsutarja

Sawsbuck

used Jump Kick! It's super effective!

Tsutarja

string555

Banned

Sawsbuck

used Jump Kick! It's super effective!

Raffy98

[color=#2d9bce][b][span="font-family: 'century got

Melody

Banned

Sawsbuck

used Jump Kick! It's super effective!

Guest123_x1

Guest

string555

Banned

colours

Zeffy

g'day

Dter ic

Fire Emblem....[b]HEROES[/b]

Mewtwolover

Mewtwo worshiper

Leviathan

[span="font-family:ubuntu; color: whitesmoke; padd

Urist McHemlock

Jack Frost of the Jack Brothers

Tsutarja

Dter ic

Fire Emblem....[b]HEROES[/b]