[Nottingham] WPA2 is falling
Jason Irwin
jasonirwin73 at gmail.com
Tue Oct 17 10:04:18 UTC 2017
On 16/10/17 14:44, Martin via Nottingham wrote:
> On 16/10/17 11:00, Jason Irwin via Nottingham wrote:
>> Or so it seems:
>> https://arstechnica.com/information-technology/2017/10/severe-flaw-in-wpa2-protocol-leaves-wi-fi-traffic-open-to-eavesdropping/
>> https://www.alexhudson.com/2017/10/15/wpa2-broken-krack-now/
>> https://www.krackattacks.com/
> Wi-fi security flaw 'puts devices at risk of hacks'
> http://www.bbc.co.uk/news/technology-41635516
>
> Looks like a game of handshake replay to weaken or zero the WiFi session
> key.
Updates to wpasupplicant are flowing, Lede is issuing 17.1.4 with the
fix, OpenWRT has backported it to 15.05. So F/OSS seems to have its act
together. MicroTik has a fix out and Ubiquiti has things in-hand too it
seems.
When will Google, MS, Apple etc issue patches? They've had 4 months to
get ready, more than enough time.
Further down the criticality scale; Smart TVs etc will need patches too,
I hope the major OEMs (Samsung, Panasonic etc) are on the ball.
And what about all the IoT devices? Will the no-name OEMs release fixes?
(I think we all know the answers). Hmm...a wireless IoT lightbulb with
it's own DHCP server and network bridging - what could possibly go
wrong? https://mjg59.dreamwidth.org/40397.html
--
╔═════════════╦═════════════════════════════════════════════╗
║ Jason Irwin ║ OpenPGP (GPG/PGP) Public Key: 0xD0C592B1 ║
║ ║ Import from hkp://pgp.mit.edu ║
║ ║ Follow me https://social.irrwitz.com/@jason ║
╚═════════════╩═════════════════════════════════════════════╝
More information about the Nottingham
mailing list