Major vulnerability found in WPA2 protected networks.
https://www.youtube.com/watch?v=Oh4WURZoR98
The vulnerability in WPA2 means hackers can access "credit card numbers, passwords, chat messages, emails, photos" or anything else transmitted over Wi-Fi, according to Dr Mathy Vanhoef.
Dr Vanhoef, a researcher at KU Leuven, published the details of what he branded the KRACK (key reinstallation attack) on Monday.
Experts claim it poses a huge risk to businesses - and warn the issue may never be completely fixed for old phones and routers
Re: Major vulnerability found in WPA2 protected networks.
Quote:
Originally Posted by
piggzy
The vulnerability in WPA2 means hackers can access "credit card numbers, passwords, chat messages, emails, photos" or anything else transmitted over Wi-Fi,
Sorry but isn't this only information not sent via HTTPS etc. over Wi-Fi
Re: Major vulnerability found in WPA2 protected networks.
Quote:
Originally Posted by
koola2
Sorry but isn't this only information not sent via HTTPS etc. over Wi-Fi
I'd say yes although getting onto the network means they could then attack HTTPS connections etc. Still a bit of a broad statement. Worry mongering methinks...
Re: Major vulnerability found in WPA2 protected networks.
Yes it is only non HTTPS but as the video shows the sly little redirects will often go unoticed by users that would normally use the HTTPS site.
How often do you look to check if the padlock is there ??? I know I often forget to check.
Re: Major vulnerability found in WPA2 protected networks.
Re: Major vulnerability found in WPA2 protected networks.
Quote:
Originally Posted by
koola2
Sorry but isn't this only information not sent via HTTPS etc. over Wi-Fi
Quote:
Originally Posted by
EvilBoB
I'd say yes although getting onto the network means they could then attack HTTPS connections etc. Still a bit of a broad statement. Worry mongering methinks...
Quote:
Originally Posted by
piggzy
Yes it is only non HTTPS but as the video shows the sly little redirects will often go unoticed by users that would normally use the HTTPS site.
How often do you look to check if the padlock is there ??? I know I often forget to check.
Websites aren't the only use of LAN/WLAN's. Access a LAN, then you can try and attack weak devices and extract admin credentials which may be reused on other devices for example. Lets just say your credit card company for example has security for their website, but anyone could just sit outside the office and sniff data......
Quote:
Originally Posted by
c0axial
Now that any script kiddie can download this, the risk of attack becomes much less than just hypothetically possible.
Re: Major vulnerability found in WPA2 protected networks.
Re: Major vulnerability found in WPA2 protected networks.
I'm guessing you mean say I was hardwired, this attack won't work.
However lets say consider a typical office with LAN+WLAN all on the same broadcast domain and VLAN. Even if all devices intended to be connected are hardwired, someone can still connect to the LAN via WLAN, then start exploiting weak devices and hopefully find the admin credentials on a weak device are the same on many other devices.
Re: Major vulnerability found in WPA2 protected networks.
Yeah hardwired PC's wont help if they get on your network and hack your firewall etc ;-)
Re: Major vulnerability found in WPA2 protected networks.
Hardwired (as mine is) just means they cant use you to initiate the attack, but you say above once your network is compromised you are fair game too.
If every device is hardwired you would be safe but that is never gonna happen. Never heard of a lan cable for a mobile ;-)
These scripts and tools (which are being bundled in the latest Kali build afaik) make it too easy for pretty much anyone with very little knowledge to use.
Roll on WiLi or whatever its latest name is ;-)