[Cryptography] [FORGED] Re: Severe flaw in WPA2 protocol leaves Wi-Fi traffic open to eavesdropping

Henry Baker hbaker1 at pipeline.com
Tue Oct 17 00:22:56 EDT 2017

At 06:42 PM 10/16/2017, John Levine wrote:
>In article <1508202259012.9724 at cs.auckland.ac.nz> you write:
>>Not to mention the fact that it's a forever-day on most devices...
>Depends what devices.
>Microsoft has already shipped patches for Windows 7, 8, and 10, and many network equipment providers from Cisco to Ubiquiti have too.
>I've already updated my one Win 7 computer and my access point.
>iOS and Android are the main issues, and I suppose firmware-only IoT devices, although in most cases it's not obvious to me what useful attacks you can make on a wifi camera through Krack that you can't do easier some other way.
>Krack requires that you're within wifi range, after all.
>R's, John

Biggest problem IMHO is Android.  There doesn't appear to be any way -- short of a class-action lawsuit -- to force the Android phone vendors to supply a firmware upgrade.  They're already 12-24 months behind on CVEs.  And I doubt that Google is willing to upgrade every Android phone on its own.

Oh, and BTW, Cyanogen is out of the Android OS business; LineageOS (lineageos.org) hasn't said anything about this WPA2 bug yet.

In the meantime, it's probably not a good idea to activate your Android phone's "hotspot" feature.
