Houston, we’ve had a problem : WPA2 WiFi encryption is cracked, your computers and phones are at risk to be hacked.
October 18, 2017 1:00pm CST
Until this week, the WPA2 protocol was supposed to be secure as it could only be attacked by breaking the password with a dictionary or by brute force, and fixes had been made to block a repeated attack at router level. It is no more true since 2 searchers of the University of Leuven in Belgium, Mathy Vanhoef and Frank Piessens, have discovered a major vulnerability permitting to crack WPA2 without needing to crack the password, so it is a matter of seconds. Once cracked all the WiFi data are visible for the attacker, including sensible data like logins and passwords. I give a link to a website that they have created to know the details if you are interested. To be simple, are at risk to be cracked until a fix is released : all Apple computers, tablets and phones, all Linux computers using wpa_supplicant 2.4+, all Android phones and tablets equipped with Android 6.0 and up. Have been patched and are safe provided that you installed the security updates : OpenBSD 6 and 6.1 since August 30th ; Windows 7, 8.1 and 10 since October 10th. A patch has been seeded in iOS 11.1 beta 3, watchOS 4.1 beta 3, tvOS 11.1 beta 3, and macOS High Sierra 10.13.1 beta 2, which are developer versions, on October 16th, but Apple has not stated when they will release these updates. Until a patch is released for your platform, I would recommend to avoid to use WiFi connections for anything needing security. To surf the web or watch a Youtube video, WiFi is alright. My phone, using an old Android version seems safe, while my Linux laptop is at risk. And you ?
18 people like this
I discovered this information only today. I do not know if wpa_supplicant can be fixed easily, as it is used in quite all flavors of Linux and on the recent versions of Android. If your phone is a new Android phone, I am afraid that a basic update will not be enough, and that the OS will have to be upgraded.
Android has switched to wpa_supplicant with Marshmallow, I hope that they will find a way to fix it, as quite all Linux flavors are also vulnerable actually, the only thing I cannot tell, is if it will be possible to do it with a simple update, or if it will need an upgrade. In the last case, each brand would have to release an upgrade for any different phone, and it will be probably not available for all phones.
• Dallas, Texas
@topffer , Have you read this article?
Hacker News new | comments | show | ask | jobs | submit login How I cracked my neighbor's WiFi password without breaking a sweat (arstechnica.com) 240 points by laxk 1878 days ago | hide | past | web | 141 comments | favorite scott_s 1878 days ago No doubt
• Pamplona, Spain
@topffer I feel a bit sheepish as most everyone has a smart phone and I have this ordinary one but it is new. Its what I can afford and I needed to have one living here so I could only buy that. I know they are safer yes and more manageable and you don´t have to keep charging them up so often either.
@lovinangelsinstead21 As long as it does the job for you, it is alright. My smartphone was not very expensive for a 4G smartphone, I bought it new 130 Euros, and you can find small second hand smartphones for 40 Euros. I have to charge mine every evening, and I do not use it a lot.
• United States
Oh great. Well looks like I need to study this . . . I think I have the newer Android but I don't really do anything that needs security. I was going to say we have no laptop but Hubby does bring home the laptop from work . . . I better see if he knows about this !
• United States
@topffer Thankfully I have windows but for those who don't realize this... WiFi is any wireless connection that uses a router also referred to as a modem. What is sad is that for every patch created there is someone who will find a way to get around it,