Ldgc 7 years ago
Security flaw in WPA2!
https://arstechnica.com/information-technology/2017/10/severe-flaw-in-wpa2-protocol-leaves-wi-fi-traffic-open-to-eavesdropping
#security
  • 3

Replies

  • Sigg3 7 years ago
    @Pensador_13 Thank you for the PSA:)

    It's a very bad loophole and at home we have a washing machine with wifi (don't ask, I don't know why). I doubt it'll ever receive security updates :-P
    • 0
  • Ldgc 7 years ago
    Thanks for the info @Sigg3 ;)
    • 1
  • Sigg3 7 years ago
    This is old news:) WPA2 is still secure, this attack piggybacks on a logical error in the 802.11 protocol design. WPA2 is not decrypted.

    wpa_supplicant was the target (and has been patched). The problem is Android clients that don't receive updates.

    The attack is MITM. It works by repeating steps 3 and 4 of the 4 way handshake towards the AP, while acting as a AP itself to the client. This resets the nonce in the key stream to a previously known value. Client's traffic goes through fake AP.
    • 3