
Virtually every WiFi router affected by WPA2 security flaw

15:57, 16 October 2017. Source: engadget.com


A security protocol at the heart of most modern Wi-Fi devices, including computers, phones, and routers, has been broken, putting almost every wireless-enabled device at risk of attack. The bug, known as "KRACK" for Key Reinstallation Attack, exposes a fundamental flaw in WPA2


Researchers have discovered a key flaw in the WPA2 WiFi encryption protocol that could allow hackers to intercept your credit card numbers, passwords, photos and other sensitive information. The flaws, dubbed "Key Reinstallation Attacks," or "Krack Attacks," are in the WiFi standard and not specific products, according to the security team that discovered them. That means that just about every router and device out there could be impacted, though attacks against Linux and Android 6.0 or greater devices could be "particularly devastating," according to KU Leuven University's Mathy Vanhoef and Frank Piessens, who found the flaw.


Several key vulnerabilities that have been discovered recently in the Wi-Fi standard put just about every router Security researchers Mathy Vanhoef and Frank Piessens of KU Leuven University have been credited with finding the crucial flaws in the Wi-Fi standard itself and not specific products.

Wi-Fi Protected Access 2 (or WPA2) is used by virtually every Wi-Fi-enabled device to encrypt the Wi-Fi connection, making KRACK particularly significant. Luckily, the security flaw can be patched through a software update with reverse compatibility.

Attackers create a script that finds a WPA2 network, then make a carbon copy of it and change the WiFi channel. This new, fake network then acts as a "man in the middle," so when a device attempts to connect to the original network, it can be forced to bypass it and connect to the rogue one. The problem is made worse by Android and Linux, which don't force the client to demand a dedicated certificate. In some cases, a script can also force a connection to bypass HTTPS, exposing usernames, passwords and other critical data.

The system takes advantage of a flaw in the "handshake" method to direct users to the malicious network. Neither WiFi passwords nor secret keys can be obtained, the researchers say, as the hack works by forging the entire network. As such, it can't be used to attack routers, but hackers can still eavesdrop on traffic, making it particularly dangerous for corporations. Some details are still unclear, but it appears that for the hack to work, you may need to have had previous access to the WPA2 network.


A vulnerability called KRACK affects nearly every Wi-Fi device on the market. A flaw in WPA2's cryptographic protocols could be exploited to read and steal data that would otherwise be protected, according to new research from security researcher Mathy Vanhoef of KU Leuven in Belgium.

Therefore, any correct implementation of WPA2 is likely affected. Is my device vulnerable? What if there are no security updates for my router or access point? The Wall Street Journal: Significant Flaw Discovered in Wi-Fi Security Protocol.


As shown above, the researchers did a proof-of-concept attack on Android, and were able to decrypt all the victim's transmitted data. The researchers point out that this will "not work on a properly configured HTTPS site," but will work on a "significant fraction" that are poorly set up. Other devices, like those running MacOS, Windows, OpenBSD and other operating systems, are affected to a lesser extent. "When attacking other devices, it is harder to decrypt all packets, although a large number of packets can nevertheless be decrypted," say the researchers.

After earlier, more limited hacks, the WPA2 protocol has been suspect for a while, so many security folks were already bracing themselves for something more serious. If you still doubt the seriousness of it, Alex Hudson, for one, is actually advising Android users to "turn off WiFi on these devices until fixes are applied." He adds that "you can think of this a little bit like your firewall being defeated."


As such, you can protect yourself to a great extent by sticking with sites that have solid, proven HTTPS security. And of course, the attack won't work unless the attacker is nearby and can physically access your network.

The problem should be relatively easy to fix. A firmware change can force routers to require a dedicated certificate for each handshake, instead of relying on the one already generated. And, as the security researchers who discovered it say, "implementations can be patched in a backwards-compatible manner."

That means if you patch your Android device and not your router, you can still communicate and be safe, and vice-versa. Nevertheless, they also advise patching all your devices as soon as security updates are available. For more details about the hack, check this very detailed FAQ from Aruba Networks.

Krack Attacks
