[Nottingham] WPA2 is falling

Jason Irwin jasonirwin73 at gmail.com
Tue Oct 17 10:04:18 UTC 2017

On 16/10/17 14:44, Martin via Nottingham wrote:
> On 16/10/17 11:00, Jason Irwin via Nottingham wrote:
>> Or so it seems:
>> 	https://arstechnica.com/information-technology/2017/10/severe-flaw-in-wpa2-protocol-leaves-wi-fi-traffic-open-to-eavesdropping/
>> 	https://www.alexhudson.com/2017/10/15/wpa2-broken-krack-now/
>> 	https://www.krackattacks.com/
> Wi-fi security flaw 'puts devices at risk of hacks'
> http://www.bbc.co.uk/news/technology-41635516
> Looks like a game of handshake replay to weaken or zero the WiFi session
> key.

Updates to wpasupplicant are flowing, Lede is issuing 17.1.4 with the
fix, OpenWRT has backported it to 15.05. So F/OSS seems to have its act
together. MicroTik has a fix out and Ubiquiti has things in-hand too it

When will Google, MS, Apple etc issue patches? They've had 4 months to
get ready, more than enough time.

Further down the criticality scale; Smart TVs etc will need patches too,
I hope the major OEMs (Samsung, Panasonic etc) are on the ball.

And what about all the IoT devices? Will the no-name OEMs release fixes?
(I think we all know the answers). Hmm...a wireless IoT lightbulb with
it's own DHCP server and network bridging - what could possibly go
wrong? https://mjg59.dreamwidth.org/40397.html

║ Jason Irwin ║ OpenPGP (GPG/PGP) Public Key: 0xD0C592B1    ║
║             ║ Import from hkp://pgp.mit.edu               ║
║             ║ Follow me https://social.irrwitz.com/@jason ║

More information about the Nottingham mailing list