KRACK Attacks: Wi-Fi Security Has Been Breached

According to a recent article,  researchers have announced that Wi-Fi security has a protocol level exploit that can render all Wi-Fi traffic vulnerable to sniffing or manipulation. The good news is that if you are already using an independent form of end-to-end encryption such as SSL/TLS then the stolen packets are of little use as they are encrypted independent of the WEP/WPA1/WPA2 protocols.

These vulnerabilities are scheduled to be presented on November 1st at the 24th annual “ACM Conference on Computer and Communications Security” to be held in Dallas, TX.

Paper Title:

     “Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2”

Authors:

     Mathy Vanhoef (KU Leuven, imec-DistriNet)

     Frank Piessens (KU Leuven, imec-DistriNet)

Securing your Wi-Fi traffic with SSL/TLS, offered by @wolfSSL, can keep your data secure in a wireless world by providing independent end-to-end security for your Wi-Fi traffic rendering any stolen Wi-Fi traffic useless to attackers. Users MUST BE AWARE and look for the green lock to ensure the SSL/TLS was not stripped while using Wi-Fi (See video below for explanation!)

PLEASE WATCH THIS VIDEO so you know how to detect if SSL/TLS has been STRIPPED and your traffic is vulnerable to sniffing and/or modification!

An addendum to the report notes that all WPA Supplicant users using v2.6 are vulnerable to this attack (All android 6.0+ users).

References:

https://www.theverge.com/2017/10/16/16481136/wpa2-wi-fi-krack-vulnerability

https://www.theguardian.com/technology/2017/oct/16/wpa2-wifi-security-vulnerable-hacking-us-government-warns

https://www.wired.com/story/krack-wi-fi-wpa2-vulnerability/

https://www.krackattacks.com/

https://acmccs.github.io/session-F3/

https://w1.fi/wpa_supplicant/