Canadian TV, Computing and Home Theatre Forums banner

wifi wpa2 krack

6K views 45 replies 12 participants last post by  ExDilbert 
#1 ·
Not sure where this should go, so figure toss it in the windows forum where it may get the most visibility...
All kinds of articles flying around after this announcement today.
This is one, and google will find a whole bunch more.

Wifi WPA2 Krack
 
#4 ·
I saw the announcement this morning as well. It's a major flaw in WPA2 that affects every wifi device with WPA2 ever made. For minimal protection, use HTTPS. For better protection, use an encrypted proxy server connection. To reduce the possibility of hacking from road warriors, when when traveling and at wifi hot spots, turn wifi off when it's not needed.
 
#13 ·
that is nice
And very, very fast. One article I read said that Windows 10 was patched but is still vulnerable to one variant of the attack. Some devices may never have a patch available, such as routers or Android devices over 2 years old, the majority of IoT devices and Windows XP or Vista computers. Many devices that have a patch available may not get upgraded, either due to lack of automated updates or failure by consumers to install patches or upgraded firmware. Then there are all the business and institutional customers who use dated systems due to mission critical legacy software and internal IT policies. Hackers are going to have a field day with this one.
 
#20 ·
Tbaytel said:
the good news is is that most connected devices have already been updated and patched(ie: windows and IOS) so its not a huge issue at the moment
A wildly inaccurate, self serving statement to obscure the facts if there ever was one.

Android outnumbers iOS in number of devices and by about 8 to 1 in sales. Android also outnumbers Windows PCs by a huge margin and Windows phones are insignificant in numbers. Android devices are the least likely to get timely patches and most likely lose support and receive no patches at all. The biggest problems are and will be Android vendors and wireless router vendors that don't update owners' devices. The other reason it's still a huge issue is that EVERY wifi device you own needs to be patched. Just one unpatched device will let hackers steal passwords and plant malware that can compromise an entire local network.
 
#25 ·
The latest information suggests that exposure exists with the connecting device and not the AP. The AP is only an issue if it is in bridge mode and is wifi connected to another AP. This implies that the typical home router does not need a patch/firmware update.

The exposure is high for all the IOT devices that are not supported and will most likely never be patched. But the risk to most people using these devices may be low as the attack must be made within your network.

Any portable devices (cellphone, PC's, tablets, etc), not patched and used on a public network are vulnerable.
 
#26 ·
^^^^
One thing that many appear to forget is the attacker has to be physically close to intercept the WiFi. If your WiFi is out of range of an attacker, you can't be attacked. This is not an attack over the Internet.
 
#27 ·
Agreed. Road warriors could be an issue for businesses. The most likely scenario is that people using wifi hotspots will be hacked. Leaving a phone's wifi on and set to automatically connect to unlocked hotspots may be an issue. It's probably best to turn wifi off when it's not in use with a phone or any portable device, especially when on the move.
 
This is an older thread, you may not receive a response, and could be reviving an old thread. Please consider creating a new thread.
Top