ITACS 5211: Introduction to Ethical Hacking

Wade Mackey

WPA2 Cracked

by 4 Comments

https://www.krackattacks.com/

 

WPA2 encryption has been compromised. KRACK Attacks or Key Reinsallation Attack allows hackers to decrypt packets in Wifi traffic and … “use this novel attack technique to read information that was previously assumed to be safely encrypted. This can be abused to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos, and so on. The attack works against all modern protected Wi-Fi networks.”

 

Things to note:

  • The entire WPA protocol is vulnerable, meaning that this isnt specific to a certain product or implementation
  • According to Wigle.net – a Wifi wardriving analysis site, there are >390M Wifi Networks in the US (that have been found) with nearly 60% of them using WPA2 – as of Jan 2017.
  • This vulnerability CAN be fixed but you must patch

 

I wonder if this will speed up the adoption of a new protocol.

 

 

 

Reader Interactions

Comments

  1. This is pretty scary since WPA2 is the wireless security currently in place for almost all Wi-Fi networks. I know at Verizon old routers still operate on WEP and they applied a firmware update to make sure they operate on WPA2 or we replace it. But to hear it has been cracked, make me a little paranoid about my info I send over the network and if someone is trying to crack it.

  2. Frazer,

    I read about this yesterday as well. It is a bit scary, but the patch was released and “fixed”. This is a man-in-the-middle attack. This is a big issue, but the problem for the “bad guys” is that they would have had to been in your WiFi range to get any of the information.

    Add a compensating control to your house and do a quick search of the WiFi perimeter before sending sensitive data… But I guess that would mean when someone is walking around their house, they may be about to use their credit card on-line. We can’t win…

    • I hear you Fred. I already patched my WAP and router with the latest beta drivers. Getting others to patch is the big problem… I wonder if Starbucks is already updated? How about hotels? Lots of opportunities for bad actors.

Leave a Reply