Publication date: 2017-10-21
Researchers at the University of Leuven said that WPA2, a security protocol commonly used in Wi-Fi communications, has a built-in vulnerability.
Most Wi-Fi enabled devices (computers, phones, tablets, e-readers and watches) may be affected, and they will need an update from the manufacturer to close it. Until then, the exposure comes over the wireless link rather than over the Internet, so a potential attacker must be local.
"An attacker within the range of a Wi-Fi client can trick the client into using an encryption key that the attacker can calculate, allowing the attacker to decrypt and eavesdrop on all network traffic between the Wi-Fi client and the access point. This could allow an attacker to steal usernames and passwords and personal or financial information. The vulnerability is within the Wi-Fi standard itself, not a single product or implementation. Therefore, all Wi-Fi-enabled devices should be considered affected and vulnerable until patches are provided by their respective vendors."
According to Jeanquier, no attack software has been released, "though it is not unimaginable for an attacker to create his own tools for such attacks."
Until the patch is applied, he suggested using Ethernet or 4G instead of Wi-Fi and, where a Wi-Fi connection is unavoidable, connecting with encryption: through a virtual private network (VPN), or by communicating only with sites whose URLs start with "https://" (the "s" is important).
According to the Vanhoef / Piessens CCS paper, when a client joins a network it performs a 4-way handshake to negotiate a new session key, and then sends a specific message.
Because connections can be dropped, there is a mechanism to reuse the same key to send the same message, and this is where the trouble begins.
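The reuse mechanism described above, modelled as an added example (not code from the article or from the Vanhoef / Piessens paper). It goes slightly beyond the article's text by relying on the paper's finding that reinstalling a key already in use resets the per-packet nonce. `Client`, `keystream`, `run` and the key value are constructed for illustration, and SHA-256 stands in for the real cipher.

```python
# Toy model (constructed, not real 802.11 code): a client installs the session
# key when handshake message 3 arrives and encrypts each data frame with a
# per-packet nonce that must never repeat under the same key.
import hashlib

def keystream(key: bytes, nonce: int, n: int) -> bytes:
    # Stand-in for a counter-mode keystream: depends only on (key, nonce).
    return hashlib.sha256(key + nonce.to_bytes(8, "big")).digest()[:n]

class Client:
    def __init__(self, patched: bool):
        self.patched = patched
        self.key = None
        self.nonce = 0
        self.used = []  # every (key, nonce) pair used for encryption so far

    def on_message3(self, key: bytes) -> None:
        # A retransmitted message 3 carries the key that is already installed.
        if self.patched and key == self.key:
            return  # hardened: keep the installed key and its nonce counter
        self.key = key
        self.nonce = 0  # unpatched: reinstalling the key resets the counter

    def send(self, plaintext: bytes) -> bytes:
        self.nonce += 1
        self.used.append((self.key, self.nonce))
        ks = keystream(self.key, self.nonce, len(plaintext))
        return bytes(p ^ k for p, k in zip(plaintext, ks))

def nonce_reused(client: Client) -> bool:
    # Defender's check: did any (key, nonce) pair encrypt more than one frame?
    return len(client.used) != len(set(client.used))

def run(patched: bool):
    c = Client(patched)
    key = b"constructed-session-key"   # constructed sample value
    c.on_message3(key)
    f1 = c.send(b"frame one payload")
    c.on_message3(key)                 # message 3 arrives a second time
    f2 = c.send(b"frame two payload")
    return c, f1, f2

if __name__ == "__main__":
    for patched in (False, True):
        client, _, _ = run(patched)
        print("patched" if patched else "unpatched",
              "nonce reused:", nonce_reused(client))
```

In the unpatched run both frames are encrypted under the same key and nonce, so their keystreams are identical; the patched client ignores the repeated key and its counter keeps advancing.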