/tech/ - Technology

Brought to you by archive.org

Posting mode: Reply

Check to confirm you're not a robot
Name
Email
Subject
Comment
Password
Drawing x size canvas
File(s)

Remember to follow the rules

Max file size: 350.00 MB

Max files: 5

Max message length: 4096

Manage Board | Moderate Thread

Return | Catalog | Bottom

Expand All Images


(103.91 KB 644x819 krackwpa2.png)
WPA2 protocol attack Anonymous 10/17/2017 (Tue) 06:41:08 [Preview] No. 11568
https://www.krackattacks.com/

>We discovered serious weaknesses in WPA2, a protocol that secures all modern protected Wi-Fi networks. An attacker within range of a victim can exploit these weaknesses using key reinstallation attacks (KRACKs). Concretely, attackers can use this novel attack technique to read information that was previously assumed to be safely encrypted. This can be abused to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos, and so on. The attack works against all modern protected Wi-Fi networks. Depending on the network configuration, it is also possible to inject and manipulate data. For example, an attacker might be able to inject ransomware or other malware into websites.

>The weaknesses are in the Wi-Fi standard itself, and not in individual products or implementations. Therefore, any correct implementation of WPA2 is likely affected. To prevent the attack, users must update affected products as soon as security updates become available. Note that if your device supports Wi-Fi, it is most likely affected. During our initial research, we discovered ourselves that Android, Linux, Apple, Windows, OpenBSD, MediaTek, Linksys, and others, are all affected by some variant of the attacks. For more information about specific products, consult the database of CERT/CC, or contact your vendor.

The Q&A is worth reading, and has information on attack mitigations. Unfortunately, if you are using an Android smartphone that isn't receiving updates anymore, your WiFi security on that device is probably null.


Anonymous 10/22/2017 (Sun) 02:46:56 [Preview] No. 11590 del
>if you are using an Android smartphone that isn't receiving updates anymore, your WiFi security on that device is probably null.

If you are using ANY smartphone or other wireless gadget/modem, your WiFi security is null.

Fixed that for you.


Anonymous 10/22/2017 (Sun) 03:08:25 [Preview] No. 11591 del
>>11590
You're welcome to substantiate that by posting proof of concept code for specific attacks that will work against WiFi on any smartphone or "wireless gadget". Keep in mind that to justify the claim that

>If you are using ANY smartphone or other wireless gadget/modem, your WiFi security is null.

your proof(s) of concept will need to be practical and work in a timely fashion. An attack that takes, e.g. a compute cluster, or takes months to recover a key, would be neither.

I look forward to your posting code that demonstrates effective attacks against the iPhone X and the latest, patched Pixel devices that render their WiFi security NIL.


Anonymous 10/24/2017 (Tue) 23:40:39 [Preview] No. 11601 del
>>11591
Very eloquent cuckchan spacing and unattainable plea for evidence and/or a shot in the dark for free exploits.


Anonymous 10/27/2017 (Fri) 01:29:01 [Preview] No. 11605 del
>>11601
The person he was responding to did the exact same spacing.
He's not asking for much. He just wants more information than what the person gave.


Hello 2-weeks old thread! Anonymous 11/10/2017 (Fri) 03:23:54 [Preview] No. 11737 del
>>11591
>your proof(s) of concept will need to be practical and work in a timely fashion
There are actual working scripts already which are very easy to use.

>An attack that takes, e.g. a compute cluster, or takes months to recover a key
This attack is about being mitm and getting your traffic even without your WPA2 pre-shared key.


Anonymous 11/10/2017 (Fri) 10:31:42 [Preview] No. 11738 del
>>11737
>There are actual working scripts already which are very easy to use.
Can you post a link to them?
Trying not to be annoying, but you really have to back shit up on an imageboard.
If people don't believe you they won't bother fact checking, and if they do believe you but don't have a link they'll leave with information that they have no means to back up.


Anonymous 11/11/2017 (Sat) 21:46:40 [Preview] No. 11741 del
>>11737
>There are actual working scripts already which are very easy to use.
Worthless response.

>This attack is about being mitm and getting your traffic even without your WPA2 pre-shared ke
Learn to read a thread, you stupid motherfucker. We're not talking about the KRACK attack, we're talking about >>11590's assertion that all WiFi security is null. He was challenged to post an attack or attacks that make that statement true. He failed to do so, because he's also a stupid motherfucker.

Try to figure out what's going on in a thread before you waste everyone's time.


Anonymous 11/12/2017 (Sun) 02:06:41 [Preview] No. 11742 del
Goodness gracious! What an asshole!


Anonymous 11/12/2017 (Sun) 21:02:26 [Preview] No. 11747 del
>>11738
yeah, it's skid-tier simple to execute

/watch?v=w2dcknR4ZOA


Anonymous 11/13/2017 (Mon) 19:22:55 [Preview] No. 11751 del
>>11747
Okay, I may have fucked up since I might have misread what >>11590 was trying to say.
I thought they was saying
>any form of WIFI security, even forms patched after the attack are insecure.
instead of
>this affects all devices because it's a flaw in the specification instead of the implementation.
I'll mostly agree with the second, although it's easy to attack some devices than others. The first one not so much.



Top | Return | Catalog | Post a reply