[Cryptography] Severe flaw in WPA2 protocol leaves Wi-Fi traffic open to eavesdropping
Erwan Ounn
erwan.ounn.84 at gmail.com
Mon Oct 16 13:53:50 EDT 2017
> On Oct 16, 2017, at 15:41, Sidney Markowitz <sidney at sidney.com> wrote:
>
> According to this article, a protocol level vulnerability has been found in
> WPA2 that allows an attacker to eavesdrop on WPA2 protected WiFi traffic. As a
> vulnerability in the protocol it potentially affects all compliant
> implementations of WPA2.
>
> https://arstechnica.com/information-technology/2017/10/severe-flaw-in-wpa2-protocol-leaves-wi-fi-traffic-open-to-eavesdropping/
>
> It links to an article by one of the researchers who found it at
> https://github.com/vanhoefm/krackattacks/blob/gh-pages/index.html
> _______________________________________________
> The cryptography mailing list
> cryptography at metzdowd.com
> http://www.metzdowd.com/mailman/listinfo/cryptography
It’s indeed a critical vulnerability. FYI, you can read more about it on the researcher’s webpage: https://www.krackattacks.com/ <https://www.krackattacks.com/>
Quoting the relevant bits (emphasis mine):
We discovered serious weaknesses in WPA2, a protocol that secures all modern protected Wi-Fi networks. […] Concretely, attackers can use this novel attack technique to read information that was previously assumed to be safely encrypted.
[…]
This can be abused to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos, and so on.The attack works against all modern protected Wi-Fi networks. Depending on the network configuration, it is also possible to inject and manipulate data.
[…]
The research behind the attack will be presented at the Computer and Communications Security (CCS) <https://acmccs.github.io/session-F3/> conference, and at the Black Hat Europe <https://www.blackhat.com/eu-17/briefings/schedule/#key-reinstallation-attacks-breaking-the-wpa2-protocol-8861> conference. Our detailed research paper <https://www.krackattacks.com/#paper> can already be downloaded.
Discovered by Mathy Vanhoef of imec-DistriNet, KU Leuven
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20171016/d6f987d8/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 842 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20171016/d6f987d8/attachment.sig>
More information about the cryptography
mailing list