Houston, we’ve had a problem: WPA2 WiFi encryption is cracked, your computers and phones are at risk of being hacked.

@topffer (30532)
France
October 18, 2017 1:00pm CST
Until this week, the WPA2 protocol was supposed to be secure, as it could only be attacked by breaking the password with a dictionary or by brute force, and fixes had been made to block a repeated attack at router level. This is no longer true since 2 researchers of the University of Leuven in Belgium, Mathy Vanhoef and Frank Piessens, have discovered a major vulnerability that permits cracking WPA2 without needing to crack the password, so it is a matter of seconds. Once cracked, all the WiFi data is visible to the attacker, including sensitive data like logins and passwords. I give a link to a website that they have created so that you can read the details if you are interested.

To put it simply, the following are at risk of being cracked until a fix is released: all Apple computers, tablets and phones, all Linux computers using wpa_supplicant 2.4+, all Android phones and tablets equipped with Android 6.0 and up. The following have been patched and are safe provided that you installed the security updates: OpenBSD 6 and 6.1 since August 30th; Windows 7, 8.1 and 10 since October 10th. A patch was seeded in iOS 11.1 beta 3, watchOS 4.1 beta 3, tvOS 11.1 beta 3, and macOS High Sierra 10.13.1 beta 2, which are developer versions, on October 16th, but Apple has not stated when they will release these updates.

Until a patch is released for your platform, I would recommend avoiding WiFi connections for anything needing security. To surf the web or watch a YouTube video, WiFi is alright. My phone, using an old Android version, seems safe, while my Linux laptop is at risk. And you?
This website presents the Key Reinstallation Attack (KRACK). It breaks the WPA2 protocol by forcing nonce reuse in encryption algorithms used by Wi-Fi.
18 people like this
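Added example (not part of the original post or of the researchers' website): a toy Python model of the key reinstallation and nonce reuse described above, with the unpatched install logic beside the patched one. It goes slightly beyond the post by modelling the replayed handshake message that triggers the reinstall; the `Client` class, the SHA-256 keystream standing in for WPA2's AES-based cipher, and all keys and frames are constructed for illustration.

```python
import hashlib

KEY = b"constructed-session-key"   # sample key, not a real WPA2 session key
PT1 = b"GET /index.html "          # constructed 16-byte frames
PT2 = b"password=hunter2"

def keystream(key: bytes, nonce: int, n: int) -> bytes:
    """Stand-in for a counter-mode keystream: depends only on (key, nonce)."""
    out, block = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce.to_bytes(6, "big") + block.to_bytes(4, "big")).digest()
        block += 1
    return out[:n]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

class Client:
    """Hypothetical Wi-Fi client; `patched` selects the fixed install logic."""
    def __init__(self, patched: bool):
        self.patched, self.key, self.nonce = patched, None, 0

    def install_key(self, key: bytes) -> None:
        # Runs each time handshake message 3 arrives, including retransmissions.
        if self.patched and key == self.key:
            return                      # fix: key already installed, keep the counter
        self.key, self.nonce = key, 0   # (re)install resets the nonce counter to zero

    def send(self, plaintext: bytes):
        self.nonce += 1
        return self.nonce, xor(plaintext, keystream(self.key, self.nonce, len(plaintext)))

def run_session(patched: bool):
    """Send one frame, receive a replayed message 3, send a second frame."""
    client = Client(patched)
    client.install_key(KEY)
    first = client.send(PT1)
    client.install_key(KEY)             # replayed message 3 reaches the client
    return [first, client.send(PT2)]

def nonce_reused(frames) -> bool:
    nonces = [n for n, _ in frames]
    return len(nonces) != len(set(nonces))

def leaks_plaintext_xor(frames) -> bool:
    # With a repeated keystream, ciphertext XOR equals plaintext XOR: no key needed.
    return xor(frames[0][1], frames[1][1]) == xor(PT1, PT2)

if __name__ == "__main__":
    for patched in (False, True):
        frames = run_session(patched)
        print("patched" if patched else "vulnerable", nonce_reused(frames), leaks_plaintext_xor(frames))
```

The unpatched client sends both frames under nonce 1, so an observer who knows or guesses one plaintext recovers the other without the password; the patched client ignores the repeated install and moves on to nonce 2.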
18 responses
@kobesbuddy (19399)
• East Tawas, Michigan
18 Oct
I don't understand this, neither do I have an Android cell phone. I don't use WiFi so, I'm not at risk for any of this.
6 people like this
@topffer (30532)
• France
18 Oct
If you do not use WiFi to connect your computer to internet you do not risk anything.
5 people like this
@kobesbuddy (19399)
• East Tawas, Michigan
18 Oct
@topffer We do have WiFi but, I never use it.
3 people like this
@kepweng (6303)
18 Oct
Good luck to residents of Houston, Texas, but it's not worldwide, right?
5 people like this
@topffer (30532)
• France
18 Oct
Oh, yes, it is worldwide, Houston included.
4 people like this
@pgntwo (21696)
• Derry, Northern Ireland
18 Oct
There was not a simple layman's terms version of this to be found earlier this week... Good share.
4 people like this
@topffer (30532)
• France
20 Oct
I shared it as soon as I discovered it. I thought that I was not the only one concerned.
1 person likes this
@pgntwo (21696)
• Derry, Northern Ireland
20 Oct
@topffer I can appreciate the seriousness of the exploit, even if reading most sensible accounts of it is exceedingly hard work.
1 person likes this
@pgntwo (21696)
• Derry, Northern Ireland
20 Oct
@topffer That tends to happen, I have found.
1 person likes this
@celticeagle (115084)
• Boise, Idaho
18 Oct
No Wifi for me then.
4 people like this
@topffer (30532)
• France
18 Oct
For a phone it is not a big problem, for a laptop it is more embarrassing, I have reconnected mine with a cable.
5 people like this
@celticeagle (115084)
• Boise, Idaho
18 Oct
@topffer .....I have a laptop and have had no problem.
4 people like this
@topffer (30532)
• France
18 Oct
@celticeagle Mine runs Linux. I hope that a fix will be released soon.
4 people like this
@Corbin5 (81315)
• United States
18 Oct
My laptop is not at risk but my phone may be. Thank you for the link.
4 people like this
@topffer (30532)
• France
18 Oct
I discovered this information only today. I do not know if wpa_supplicant can be fixed easily, as it is used in nearly all flavors of Linux and on the recent versions of Android. If your phone is a new Android phone, I am afraid that a basic update will not be enough, and that the OS will have to be upgraded.
4 people like this
@Corbin5 (81315)
• United States
18 Oct
@topffer I think my phone is OK since it is a 5-year-old Apple iPhone. My laptop is a Lenovo, so I may be safe with that too.
4 people like this
@topffer (30532)
• France
18 Oct
@Corbin5 The laptop is ok, the phone is vulnerable, Apple has not released any fix for now.
4 people like this
@jstory07 (58289)
• Roseburg, Oregon
18 Oct
I have an Android cell phone so I hope it is safe. After all it is supposed to be a cell phone.
4 people like this
@topffer (30532)
• France
18 Oct
All phones are safe if you do not use a WiFi connection. The versions of Android before 6.0 Marshmallow (released in November 2015) are safe. 6 and up are using wpa_supplicant and are at major risk of having their WiFi hacked.
4 people like this
@jstory07 (58289)
• Roseburg, Oregon
19 Oct
@topffer It is a smart phone with a wifi connection. We run the security program every day.
2 people like this
@LadyDuck (121416)
• Switzerland
19 Oct
So my husband was right, the first thing he does when we change the router is to turn the Wi-Fi off, we only use a LAN cable. Thank you for the link.
3 people like this
@topffer (30532)
• France
19 Oct
WiFi cannot be 100% secure, but I do not imagine that somebody could spend years to decrypt a recorded WiFi signal, except a state secret service. WPA2, once patched, is still reasonably secure.
3 people like this
@LadyDuck (121416)
• Switzerland
19 Oct
@topffer I use my laptop when I wait for him at the hospital. He has a weekly treatment and I have to wait for a little more than one hour. I have no personal data at all stored on that laptop, they can get nothing interesting.
3 people like this
@topffer (30532)
• France
19 Oct
@LadyDuck I am a bit paranoid, and I surf with Tor when I connect to a public WiFi with my phone, using Orbot, which is a good app to connect to the Tor network on an Android device.
3 people like this
@louievill (16346)
• Philippines
18 Oct
My phone is at risk since it's a marshmallow and I use wi-fi
3 people like this
@topffer (30532)
• France
18 Oct
Android has switched to wpa_supplicant with Marshmallow. I hope that they will find a way to fix it, as nearly all Linux flavors are also vulnerable actually. The only thing I cannot tell is if it will be possible to do it with a simple update, or if it will need an upgrade. In the last case, each brand would have to release an upgrade for each different phone, and it will probably not be available for all phones.
3 people like this
@louievill (16346)
• Philippines
18 Oct
@topffer I'd just not think about it, it gives me a headache, better buy a hardware wallet for my cryptos lol
3 people like this
@topffer (30532)
• France
18 Oct
@louievill Lol, I hope that your cryptos will not also give you a headache.
2 people like this
@Emmlex1000 (1507)
• Lagos, Nigeria
18 Oct
Is my HTC phone safe?
3 people like this
@topffer (30532)
• France
18 Oct
It depends on its OS version.
3 people like this
• Dallas, Texas
19 Oct
@topffer, have you read this article?
Hacker News: How I cracked my neighbor's WiFi password without breaking a sweat (arstechnica.com)
1 person likes this
@topffer (30532)
• France
19 Oct
@lookatdesktop Not this one, but the method described is no longer effective on recent routers. They are equipped to detect and block brute force attacks.
1 person likes this
@DaddyEvil (22323)
• United States
19 Oct
My phone is running version 5.1 so should be safe. Also my tablets. The only at-risk machine I have is my old pc that I have running Linux right now. Thank you for the information, Top! I will let people know at work today.
3 people like this
@topffer (30532)
• France
19 Oct
I discovered that yesterday, and thought that it was important to share it on myLot. Android 6 and above are at risk because they use wpa_supplicant like nearly all Linux flavors. I hope that we will have a patch released quickly.
3 people like this
@DaddyEvil (22323)
• United States
19 Oct
@topffer You and me both, Top! I really do appreciate you telling us! I hadn't encountered this information yet.
3 people like this
@YrNemo (8460)
18 Oct
I will have to go do more research about this. Your discussion worried me. I use a laptop and WiFi, but my laptop does not have anything to do with Apple or Linux, should I still worry?
3 people like this
@topffer (30532)
• France
18 Oct
If it is a Windows laptop, and the updates are done automatically, then it is safe. Microsoft fixed the vulnerability in a security update released on October 10th for all the supported versions of Windows.
3 people like this
@YrNemo (8460)
19 Oct
@topffer I am tempted to do a happy dance after reading your reply, but I am too sleepy, I will do that happy dance later when I have more time. Thanks.
3 people like this
@Susan2015 (18631)
• United States
20 Oct
I don't understand a lot of the computer jargon, but I don't think I ever use Wi Fi.
2 people like this
@topffer (30532)
• France
20 Oct
I think you are using Windows? If that is the case, you are safe even if you use WiFi.
• Pamplona, Spain
20 Oct
I don't use WiFi at all. It's good to warn all others though, thank you, as they are not aware of what might go on. My mobile is not a smart phone either, although sometimes I wish that it was.
1 person likes this
@topffer (30532)
• France
20 Oct
Phones that are not smart are the most secure; they stay free of viruses and malware.
1 person likes this
• Pamplona, Spain
20 Oct
@topffer I feel a bit sheepish as most everyone has a smart phone and I have this ordinary one, but it is new. It's what I can afford and I needed to have one living here, so I could only buy that. I know they are safer, yes, and more manageable, and you don't have to keep charging them up so often either.
1 person likes this
@topffer (30532)
• France
20 Oct
@lovinangelsinstead21 As long as it does the job for you, it is alright. My smartphone was not very expensive for a 4G smartphone, I bought it new for 130 Euros, and you can find small second hand smartphones for 40 Euros. I have to charge mine every evening, and I do not use it a lot.
1 person likes this
@1hopefulman (20212)
• Canada
20 Oct
That sounds terrible!
1 person likes this
@topffer (30532)
• France
20 Oct
That's terrible, but it will probably be fixed for all OSes in a few weeks.
1 person likes this
@1hopefulman (20212)
• Canada
20 Oct
@topffer Is it the public WiFi that is having the problem or also the one we have at home?
1 person likes this
@topffer (30532)
• France
20 Oct
@1hopefulman The public WiFi is usually not encrypted; it is the WiFi in your home, like in any business, that is at risk here.
1 person likes this
@much2say (35391)
• United States
20 Oct
Oh great. Well, looks like I need to study this . . . I think I have the newer Android but I don't really do anything that needs security. I was going to say we have no laptop but Hubby does bring home the laptop from work . . . I better see if he knows about this!
1 person likes this
@much2say (35391)
• United States
20 Oct
@topffer Ok, will have to discuss this with Hubby. He is way more savvy about this stuff and would understand all the lingo . . . but I do understand "problem" and "hacked"!
1 person likes this
• United States
6 Nov
@topffer Thankfully I have Windows, but for those who don't realize this... WiFi is any wireless connection that uses a router, also referred to as a modem. What is sad is that for every patch created there is someone who will find a way to get around it.
1 person likes this
@topffer (30532)
• France
6 Nov
That is true, but not bad as it pushes the technology to improve. Microsoft did a very good job and released a patch immediately.
1 person likes this
@KrauseHome (33368)
• United States
21 Oct
I have seen a lot of updates coming thru in the last couple of days, so I am sure most are aware. One of the largest recent issues was accessing Facebook from a phone, etc.
1 person likes this
@topffer (30532)
• France
21 Oct
Microsoft deserves congratulations in this case, they have reacted at light speed to release a security update for all supported Windows versions.
@JESSY3236 (5020)
• United States
20 Oct
My fiance has an Apple computer. I'll let him know.
1 person likes this
@topffer (30532)
• France
20 Oct
If it is not already fixed, it will probably soon be fixed for Apple. I will have to wait more, as Linux developers are not paid.