Detection of a Serious Security Vulnerability

in #security7 years ago


Wireless networks
The vulnerability is in the WPA2 protocol used to protect home and institutional wireless networks.


Researchers have discovered a serious loophole in the wpa2 protocol, a common security protocol used to protect home and enterprise wireless networks, allowing hackers to intercept traffic between computers and wireless network points.

The researchers called the gap "KRACK," an acronym for "Key Reinstallation Attack," and more details of the breach are expected to be released today at the krackattacks.com website before it will be officially released on November 1, in a security conference in Dallas.

Because of the gravity of the breach, it has become secret and fraught with security weeks ago for fear that the details leaked to cyber criminals and hackers before finding a suitable solution to security vulnerabilities.

According to a researcher who has been briefed on the vulnerability, it is working by exploiting the so-called four-way handshake system used to create keys to encrypt traffic. In one step the key can be sent several times, and when sent in certain ways, encryption can be used in a way that completely undermines it.

The United States Computer Emergency Readiness Team issued a warning saying that the impact of exploiting these vulnerabilities includes decoding, hijacking TCP connections, injecting content in HTTP, and repeated data transfer attacks or delayed for malicious purposes, and all applications of this protocol will be affected by the vulnerability.

Ars Technica, one of the researchers, said Aruba and Ubiquitoy, which sell wireless access points to large companies and government organizations, already have updates available to patch or reduce the vulnerability.

According to the site, it is unlikely to correct the vast majority of access points quickly, and perhaps some may not be corrected at all.

Source

Sort:  

Such a great post, thank you for sharing with us.

This might be the biggest issue since Heartbleed! If you guys are interested check out the article by arstechnica.com, there's a lot more detail, AND it's in English.

This wonderful post has received a bellyrub 8.59 % upvote from @bellyrub thanks to this cool cat: @ghasemkiani. My pops @zeartul is one of your top steemit witness, if you like my bellyrubs please go vote for him, if you love what he is doing vote for this comment as well.