GO PRO for just £50 at PRFire.com

FREE Press Release Distribution

To post an article, login or create an account |  Post an Article

Krack Attack ā€“ Wi-Fi vulnerability affecting WPA

Microworld Technologies Inc

Posted 19th October 2017.

WEP has been considered to be a flawed encryption and WiFi implementations have always concentrated on implementing WPA Encryption standard so as to ensure a secure WiFi communication channel. However, recently researchers Mathy Vanhoef and Frank Piessens, from the University of Leuven, have found multiple flaws in WPA encryption which would allow hackers to decode the traffic and inject malicious packets into the secure WPA communications channel.

The vulnerabilities in itself are related to the WPA protocol standard which allows the attackers to force the devices to reissue the nonce effectively forcing the devices to initiate Key Reissue Attacks (KRACK).

This weakness in the protocol allows the attackers to sniff the traffic traversing between the devices and access-points while the worst case scenario is an injection of malware into websites. The vulnerability affects all devices running on Windows, MacOS, iOS, Android, and Linux. Due to the devastating implications of this vulnerability, Vendors have been quick to respond and made available patches to mitigate these vulnerabilities.

Identifiers:

1. CVE-2017-13077

2. CVE-2017-13078

3. CVE-2017-13079

4. CVE-2017-13080

5. CVE-2017-13081

6. CVE-2017-13082

7. CVE-2017-13084

8. CVE-2017-13086

9. CVE-2017-13087

10. CVE-2017-13088

More can be read about this research over here https://www.krackattacks.com/

Vendors:

Microsoft:

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-13080

Ubuntu:

https://usn.ubuntu.com/usn/usn-3455-1/

Redhat:

https://access.redhat.com/security/cve/cve-2017-13080

Intel:

https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00101&languageid=en-fr

Advisory:

1: Patch your devices as and when the patches are made available

2: Since this is a protocol-level vulnerability, changing password wouldnā€™t help in mitigating the attacks.

For more information, please visit – https://www.escanav.com/

Press Contact

Name: Anshu Ahuja

Phone Number: 2483745020

Email Address: webpr@escanav.com