[Cryptography] [FORGED] Re: Severe flaw in WPA2 protocol leaves Wi-Fi traffic open to eavesdropping

Ángel angel at crypto.16bits.net
Tue Oct 17 14:50:46 EDT 2017


On 2017-10-17 at 01:42 +0000, John Levine wrote:
> iOS and Android are the main issues, and I suppose firmware-only IOT
> devices although in most cases it's not obvious to me what useful
> attacks you can make on a wifi camera through Krack that you can't do
> easier some other way.  Krack requires that you're within wifi range,
> after all.

Thief obtaining the footage that the camera is recording?

that could go from obtaining actual valuable data from that (eg. a
security camera recording a pin or password entry) to gathering useful
information for a later intrusion (think on your favourite movie where
the spy is abusing that they have access to the target CCTV system)

Actually, having a movie where they were viewing their cameras through a
KRACK exploit because they failed to update their cameras firmware would
be a nice improvement over the classical "they simply had a skilled
cracker on the team".


One wonders why would a sensitive camera be using a WiFi network rather
than being wired, but I'm afraid that, out of convenience, there will be
companies doing that IRL.

Cheers



More information about the cryptography mailing list