April 24, 2018

WiFi isn't safe: WPA2 Protocol broken by Belgian Researchers

16 October 2017, 08:38 | Dan Bryan

By inundating a wireless network with authentication handshakes, Vanhoef's research shows it's possible to figure out a 128-bit WPA2 key, through sheer volume of random number collection. It was regarded as safe and largely uncrackable, dynamically generating new keys to encrypt packets.

Attention has focused on WPA2 because it has, until now, been considered secure, and is by far the most widely used protocol to secure WiFi connections.

The WPA2 hack is alarming news, but Alex Hudson, chief technical officer at Iron, advises calm.

The vulnerability was uncovered by Mathy Vanhoef, a security expert at KU Leuven University in Belgium, who said attackers could exploit weakness in the standard itself - not in any products or implementations - to read encrypted data, and inject ransomware or malware into websites using a novel technique called a key reinstallation attack (Krack). The outlined attack works on all modern WiFi networks, and if your device supports WiFi then you are likely already affected.

Android, Linux, Apple, Windows, OpenBSD, MediaTek, Linksys and others are all affected by some variant of the attacks, called KRACK. However, the attack is more hard on those platforms.

He also notes that devices that are running Android or other Linux-based OSes are particularly vulnerable.

GST sops for SMEs, exporters; tax rates on 27 items reduced
Details of the meeting were sketchy, but sources said addressing concerns related to GST are top priority for the government. No input tax credit can be claimed by those opting for composition scheme. - Yarn brought from 18% to 12%.

"The minute you do that, you negate this vulnerability", Rudis said.

In total, 10 CVE numbers have been preserved to describe the vulnerability and its impact, and according to the US Department of Homeland Security (DHS), the main affected vendors are Aruba, Cisco, Espressif Systems, Fortinet, the FreeBSD Project, HostAP, Intel, Juniper Networks, Microchip Technology, Red Hat, Samsung, various units of Toshiba and Ubiquiti Networks. In each case, the attacker can force a targeted device to re-install an already-in-use shared key, downgrading the key. The network the device is forced to connect to (the rogue network) will forward internet through it to another connection.

Reusing or recycling a nonce allows the attacker to decrypt and forge packets of information within the traffic stream, exposing user activity and data. This makes it "exceptionally trivial to manipulate and intercept traffic".

The site went on to warn that visiting only HTTPS-protected Web pages wasn't automatically a remedy for the risk.

In simpler terms, hackers can intrude on your network traffic. "The data transmitted by these devices could now be exposed". Such traffic will be encrypted on its own, and can not be read by the attacker. Vanhoef manages to steal the user's password and username. Home users advised to update their WiFi compatible devices including computers and smartphones. The researchers discovered that the WPA2 protocol does not guarantee each encryption key is only used once.

Even despite the news of a WPA2 hack as outlined at the top of this article, WPA2 is still said to be the most secure protocol. Vanhoef demonstrates such an attack by completely breaking the encryption on a connection between and Android device and the British website of, which did not set up HTTPS properly. The good thing is that all of this is patchable and can be fixed.

Other News

Trending Now

Jim Harbaugh names starting QB for Saturday's game at Indiana
They've been doing that since 2007, and that's why Michigan State is 8-3 in games involving the Paul Bunyan Trophy under Dantonio. MI bizarrely put the ball in the hands of O'Korn amid a deluge, and three straight Wolverines possessions ended in interceptions.

Iowa State Cyclones upset clearly overrated Oklahoma Sooners
The senior ranked second in the Big 12 and fifth in the nation in tackles per game heading into Saturday's contest. Matt Campbell , in his second season as Iowa State's coach, the victory helps prove the program is making strides.

Steelers back at home, ready for run-first Jaguars
The team is averaging only 3.2 yards per carry, which could be the ideal antidote for the Chargers' problems stopping the run. On Pittsburgh's next possession, the Steelers had second-and-10 from their 46 and used one receiver and three tight ends.

Hendricks outduels Strasburg, Cubs beat Nats
The first NLDS game this year is a contest between the defending World Series champion Chicago Cubs and the Washington Nationals . But I don't know, other than trying not to lose again, for me you realize you just got to get there".

Case Keenum replaces Sam Bradford in second quarter against Bears
Though the numbers were far from spectacular, Trubisky provided some promising signs for a struggling franchise. Chicago had a chance to win the game, setting the stage for an incredible ending to Trubisky's first start.

Max Verstappen hoping for rain and not sandwiches at F1 Japanese GP
Hamilton re-joined in third, behind Daniel Ricciardo and Valtteri Bottas - both yet to change tyres. I'm really grateful the vehicle stuck in and I didn't make any mistakes".

Windows Phone is Dead, Microsoft Confirms
He did, however, say the firm would continue to support the platform by launching new security updates and fixing software bugs. Belfiore, an executive at Microsoft, once the face of Windows Phone himself, has declared that the Windows Phone is dead .

Hamilton aiming to build championship lead at Japanese GP
Several drivers , including Lewis Hamilton , had their super-soft qualifying-simulations ruined by the two red-flag interruptions. This is an exciting race with genuinely the three leading teams all hoping they can win.

Green Bay Packers Prevail Over Dallas Cowboys; Twitter Reacts
Rodgers scrambled two plays earlier, on third-and-8, for 18 yards eschewing Mason Crosby and a potential game-tying field goal. What can the Cowboys do to avoid second half collapses? That gave the Cowboys a first down with two minutes left in the game.

Astros vs. Red Sox 2017 live stream
The battered Red Sox left Minute Maid Park on Friday night looking like salmon swimming back upstream, ready to go home and die. The 30-year-old posted an 11-2 record on the road in the regular season, and he only gave 31 earned runs in his 17 road starts.