Houston, we’ve had a problem : WPA2 WiFi encryption is cracked, your computers and phones are at risk to be hacked.
By topffer
@topffer (42156)
France
October 18, 2017 1:00pm CST
Until this week, the WPA2 protocol was supposed to be secure as it could only be attacked by breaking the password with a dictionary or by brute force, and fixes had been made to block a repeated attack at router level.
It is no more true since 2 searchers of the University of Leuven in Belgium, Mathy Vanhoef and Frank Piessens, have discovered a major vulnerability permitting to crack WPA2 without needing to crack the password, so it is a matter of seconds. Once cracked all the WiFi data are visible for the attacker, including sensible data like logins and passwords.
I give a link to a website that they have created to know the details if you are interested.
To be simple, are at risk to be cracked until a fix is released : all Apple computers, tablets and phones, all Linux computers using wpa_supplicant 2.4+, all Android phones and tablets equipped with Android 6.0 and up.
Have been patched and are safe provided that you installed the security updates :
OpenBSD 6 and 6.1 since August 30th ;
Windows 7, 8.1 and 10 since October 10th.
A patch has been seeded in iOS 11.1 beta 3, watchOS 4.1 beta 3, tvOS 11.1 beta 3, and macOS High Sierra 10.13.1 beta 2, which are developer versions, on October 16th, but Apple has not stated when they will release these updates.
Until a patch is released for your platform, I would recommend to avoid to use WiFi connections for anything needing security. To surf the web or watch a Youtube video, WiFi is alright.
My phone, using an old Android version seems safe, while my Linux laptop is at risk. And you ?
This website presents the Key Reinstallation Attack (KRACK). It breaks the WPA2 protocol by forcing nonce reuse in encryption algorithms used by Wi-Fi.
14 people like this
13 responses
@kobesbuddy (74483)
• East Tawas, Michigan
18 Oct 17
I don't understand this, nither do I have an android cell phone. I don't use WiFi so, I'm not at risk for any of this.
5 people like this
@kobesbuddy (74483)
• East Tawas, Michigan
18 Oct 17
@topffer We do have WiFi but, I never use it.
3 people like this
@celticeagle (158876)
• Boise, Idaho
18 Oct 17
@topffer .....I have a laptop and have had no problem.
4 people like this
@topffer (42156)
• France
18 Oct 17
@celticeagle Mine runs Linux. I hope that a fix will be released soon.
4 people like this
@louievill (28851)
• Philippines
18 Oct 17
My phone is at risk since it's a marshmallow and I use wi-fi
3 people like this
@topffer (42156)
• France
18 Oct 17
Android has switched to wpa_supplicant with Marshmallow, I hope that they will find a way to fix it, as quite all Linux flavors are also vulnerable actually, the only thing I cannot tell, is if it will be possible to do it with a simple update, or if it will need an upgrade. In the last case, each brand would have to release an upgrade for any different phone, and it will be probably not available for all phones.
3 people like this
@louievill (28851)
• Philippines
18 Oct 17
@topffer I'd just not think about it, it gives me a headache, better buy a hardware wallet for my cryptos lol
3 people like this
@topffer (42156)
• France
18 Oct 17
@louievill Lol, I hope that your cryptos will not also give you a headache.
2 people like this
@DaddyEvil (137145)
• United States
19 Oct 17
My phone is running version 5.1 so should be safe. Also my tablets. The only at-risk machine I have is my old pc that I have running Linux right now.
Thank you for the information, Top! I will let people know at work today.
3 people like this
@DaddyEvil (137145)
• United States
19 Oct 17
@topffer You and me both, Top!
I really do appreciate you telling us! I hadn't encountered this information yet.
3 people like this
@KrauseHome (36448)
• United States
21 Oct 17
I have seen a lot of updates coming thru in the last couple of days, so I am sure most are aware. One of the largest recent issues was accessing Facebook from a phone, etc.
1 person likes this
@1hopefulman (45123)
• Canada
20 Oct 17
@topffer Is it the public WiFi that is having the problem or also the one we have at home?
1 person likes this
@topffer (42156)
• France
20 Oct 17
@1hopefulman The public WiFi is usually not encrypted, it is the WiFi in your home, like in any business, that are at risk here.
1 person likes this
@lovinangelsinstead21 (36850)
• Pamplona, Spain
20 Oct 17
I don´t use wifi at all.
Its good to warn all others though thank you as they are not aware of what might go on.
My mobile is not a smart phone either although sometimes I wish that it was.
1 person likes this
@lovinangelsinstead21 (36850)
• Pamplona, Spain
20 Oct 17
@topffer
I feel a bit sheepish as most everyone has a smart phone and I have this ordinary one but it is new.
Its what I can afford and I needed to have one living here so I could only buy that.
I know they are safer yes and more manageable and you don´t have to keep charging them up so often either.
1 person likes this
@topffer (42156)
• France
20 Oct 17
@lovinangelsinstead21 As long as it does the job for you, it is alright. My smartphone was not very expensive for a 4G smartphone, I bought it new 130 Euros, and you can find small second hand smartphones for 40 Euros. I have to charge mine every evening, and I do not use it a lot.
1 person likes this
@much2say (53959)
• Los Angeles, California
20 Oct 17
Oh great. Well looks like I need to study this . . . I think I have the newer Android but I don't really do anything that needs security. I was going to say we have no laptop but Hubby does bring home the laptop from work . . . I better see if he knows about this !
1 person likes this
@JESSY3236 (18911)
• United States
20 Oct 17
My fiance has an apple computer. I'll let him know.
1 person likes this