[Cryptography] [FORGED] Re: Severe flaw in WPA2 protocol leaves Wi-Fi traffic open to eavesdropping
hbaker1 at pipeline.com
Tue Oct 17 00:22:56 EDT 2017
At 06:42 PM 10/16/2017, John Levine wrote:
>In article <1508202259012.9724 at cs.auckland.ac.nz> you write:
>>Not to mention the fact that it's a forever-day on most devices...
>Depends what devices.
>Microsoft has already shipped patches for Windows 7, 8, and 10, and many network equipment providers from Cisco to Ubiquiti have too.
>I've already updated my one Win 7 computer and my access point.
>iOS and Android are the main issues, and I suppose firmware-only IoT devices, although in most cases it's not obvious to me what useful attacks you can make on a wifi camera through Krack that you can't do easier some other way.
>Krack requires that you're within wifi range, after all.
Biggest problem IMHO is Android. There doesn't appear to be any way -- short of a class-action lawsuit -- to force the Android phone vendors to supply a firmware upgrade. They're already 12-24 months behind on CVEs. And I doubt that Google is willing to upgrade every Android phone on its own.
Oh, and BTW, Cyanogen is out of the Android OS business; LineageOS (lineageos.org) hasn't said anything about this WPA2 bug yet.
In the meantime, it's probably not a good idea to activate your Android phone's "hotspot" feature.