Tag Archive for: Nearly

FBI failed to break into nearly 7000 mobiles due to encryption


Unless law enforcement agencies can find a way to bypass the device’s security by exploiting a software flaw, the best they can hope for is to guess a mobile phone’s passcode or to find a suspect willing to cough up.

Read more in my article on the Hot for Security blog.

Graham Cluley

Huge Security Flaw Means Nearly Every WiFi Device In The World Is Vulnerable To Hijacking, Eavesdropping – SFist

The impact of exploiting these vulnerabilities includes decryption, packet replay, TCP connection hijacking, HTTP content injection, and others. Note that as protocol-level issues, most or all correct implementations of the standard will be affected.
Serious flaw in WPA2 protocol lets attackers intercept passwords and much more – Ars Technica
Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2 – Publications – Mathy Vanhoef
Wi-Fi Alliance® security update – Wi-Fi Alliance


How the KRACK attack destroys nearly all Wi-Fi security

Android users: your Wi-Fi combo can be set to all zeros.

A paper by two Belgian researchers has cast more light on the vulnerabilities discovered in the Wi-Fi Protected Access II (WPA2) implementations on most, if not all, wireless networking devices that use the protocol. Dubbed “KRACK” (Key Reinstallation AttaCK), the attack “abuses design or implementation flaws in cryptographic protocols to reinstall an already-in-use key,” wrote Mathy Vanhoef and Frank Piessens of the Katholieke Universiteit Leuven (KU Leuven) in the paper, released today.

The report came after wide disclosure of the problems, as Ars reported Sunday night. The research is built upon previous explorations of weaknesses in WPA2’s component protocols, and some of the attacks mentioned in the paper were previously acknowledged to be theoretically possible. However, the authors have turned these vulnerabilities into proof-of-concept code, “and found that every Wi-Fi device is vulnerable to some variant of our attacks. Notably, our attack is exceptionally devastating against Android 6.0: it forces the client into using a predictable all-zero encryption key.”

While Windows and iOS devices are immune to one flavor of the attack, they are susceptible to others. And all major operating systems are vulnerable to at least one form of the KRACK attack. And in an addendum posted today, the researchers noted that things are worse than they appeared at the time the paper was written:


Biz & IT – Ars Technica

Equifax breach impacts nearly 4 million Hoosiers – WRTV Indianapolis


INDIANAPOLIS — Equifax is reporting an additional 100,000 Hoosiers were impacted by a major data breach, bringing the total to 3.9 million. The new numbers released by the Indiana Attorney General's office come on the heels of Equifax shutting down


data breach – Google News