WiFi Encryption Standard WPA2 Cracked, Put Billions Of Devices At Risk, While Apple Has Already Patched In iOS 11

WPA2 - the encryption standards that protects all modern Wi-Fi network - has been cracked. Attackers can now read all WPI2 encrypted Wi-Fi n...

WPA2 - the encryption standards that protects all modern Wi-Fi network - has been cracked. Attackers can now read all WPI2 encrypted Wi-Fi network info, WPA2 is being used by majority of routers as a wireless secure encryption protocol, including public and private.


Android and Linux are particularly vulnerable, even those that are described as "insignificant" attacks that can keep the devices hurt, but all other platforms are vulnerable too, including iOS and macOS. WPA2's flaw was discovered by Mathy Vanhoef, a postdoctoral security researcher at the Department of Computer Science at the University of Kuala Lumpur of Netherlands.

We discovered serious weaknesses in WPA2, a protocol that secures all modern protected Wi-Fi networks. Attackers can use this novel attack technique to read information that was previously assumed to be safely encrypted. This can be abused to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos, and so on. The attack works against all modern protected Wi-Fi netwow.

The weaknesses are in the Wi-Fi standard itself, and not in individual products or implementations. Therefore, any correct implementation of WPA2 is likely affected. If your device supports Wi-Fi, it is most likely affected. During our initial research, we discovered ourselves that Android, Linux, Apple, Windows, OpenBSD, MediaTek, Linksys, and others, are all affected by some variant of the attacks

Experiments with security researcher show that Android smartphones are most vulnerable to attacks, and devices running Android 6.0 or later are particularly vulnerable. In addition to allowing data to be decrypted, they can easily reset the encryption key to zero. Vanhoef also stressed that all platforms are vulnerable to attack, attack Mac was originally a more difficult challenge, but later found a viable way.

We can get some comfort from this fact, because the attack will only decrypt the data encrypted by the WiFi itself. If you are visiting a secure website, the data will still be encrypted by the HTTPS protocol. However, there're also individual attack against HTTPS. Fortunately, the vulnerabilities can be patched, and in a backwards-compatible manner.

The working principle of the attack is to use the device to connect a WiFi network when communicate. WPA2 implements a four-step process by first confirming that the device uses the correct password for the WiFi router and then agrees with an encryption key that will be used for all data sent during the connection.

In a key reinstallation attack, the adversary tricks a victim into reinstalling an already-in-use key. This is achieved by manipulating and replaying cryptographic handshake messages. When the victim reinstalls the key, associated parameters such as the incremental transmit packet number (i.e. nonce) and receive packet number (i.e. replay counter) are reset to their initial value. Essentially, to guarantee security, a key should only be installed and used once. Unfortunately, we found this is not guaranteed by the WPA2 protocol. By manipulating cryptographic handshakes, we can abuse this weakness in practice.

If the hacker send anything between the device and the router, the known data can be used to compute the encryption key. As Vanhoef points out, there are almost always some known data that is passed by the device at some point, so you have to assume that the encryption is always cracked. Even if you do not know any of them, as long as there is enough text information, you can crack the password.


For Android and Linux, an attacker doesn't even have to do so much work: they can simply reset the encryption key. The Wi-Fi Alliance has issued a security advisory thanking Vanhoef for his work, stating that it is aware of the issue and that major platform providers have already started deploying patches.

While Apple has already patched serious vulnerabilities in the WPA2 Wi-Fi standard that protects many modern Wi-Fi networks, the company told iMore's Rene Ritchie this morning. The exploits have been addressed in the iOS, tvOS, watchOS, and macOS betas that are currently available to developers and will be rolling out to consumers soon.

Via 9to5Mac, Image Credit YouTube And Feng

COMMENTS

Name

(Product)RED,2,#Accessory,2,#App Store,1,#Apple,2,#Apple Music,3,#Apple Park,4,#Apple Pay,4,#Apple Security,3,#Apple Watch,10,#Battery,5,#Bug,1,#CarPlay,2,#Cydia,1,#Face ID,1,#Facebook,1,#FM,1,#Games,2,#HomeKit,2,#HomePod,14,#HowTo,5,#iMac,2,#iMac Pro,3,#Intel,2,#iOS,2,#iOS 11,5,#iOS 11.3,6,#iOS 11.4,1,#iOS 12,2,#iPad,2,#iPhone,21,#iPhone 8,1,#iPhone SE,3,#iPhone SE 2,9,#iPhone X,11,#iPhone X Plus,3,#Jailbreak,13,#Lawsuit,1,#Mac,3,#Mac Pro,2,#MacBook,5,#macOS,10,#MFi,1,#Microsoft,1,#OnePlus,1,#Original Content,2,#Patent,3,#Samsung,1,#Self-Driving,2,#Siri,4,#Tim Cook,1,#Touch ID,2,#TSMC,1,#TV,2,#Wallpaper,1,#watchOS,2,#WWDC,3,3D Touch,2,4G,1,5G,21,A,1,A11,2,A12,9,A13,3,A14,5,A14. iPhone 2020,1,A16,1,AAPL,18,ABC News,1,Accessibility,1,Accessories,87,Accessory,3,Activity,1,Ad,6,Adobe,4,Ads,3,AI,1,Airbnb,1,AirDrop,1,AirPlay,3,AirPlay 2,2,AirPod,2,AirPod Pro,1,AirPods,51,AirPods 2,5,AirPods 3,6,AirPods Pro,14,AirPods Studio,4,AirPort,4,AirPower,26,AirTag,4,AirTags,9,Amazon,11,AMD,2,Android,19,Antitrust,1,App,46,App Store,36,Apple,1950,Apple Arcade,11,Apple Books,1,Apple Camp,1,Apple Car,3,Apple Card,25,Apple Design Awards,2,Apple Event,34,Apple Events,3,Apple Glasses,3,Apple ID,4,Apple Intelligence,1,Apple Map,2,Apple Maps,11,Apple Music,43,Apple News,3,Apple News+,6,Apple One,3,Apple Park,9,Apple Pay,30,Apple Pay Cash,3,Apple Pencil,7,Apple Retail,12,Apple Security,20,Apple Store,56,Apple TV,36,Apple TV+,33,Apple Wacth,1,Apple Watch,157,Apple Watch 6,7,Apple Watch SE,1,Apple Watch Series 7,1,Apple. Chip,1,AppleCare+,1,Applle,1,Apps,2,AR,16,AR Glasses,13,ARM,18,Bands,4,Battery,33,Beats,11,Beddit,1,Best Buy,1,Beta,31,Bill Gates,1,Black Friday,2,Bloomberg,2,Boot Camp,1,Bose,1,Bug,18,Cable,4,Camera,12,Campis,1,Campus,1,Car,3,CarKey,1,CarPlay,7,Carpool Karaoke,3,Cases,1,CCC,1,CES,4,Charger,5,China,18,Chip,3,Chrome,2,Coding,1,Concept,8,Consumer Reports,1,Coronavirus,45,CPU,1,Credit Card,1,Cydia,1,Dark Sky,2,Deals,8,Developer,7,Dialog,1,Display,2,Dongles,2,Earnings,20,EarPods,1,Economy,2,Edge,1,Education,5,Emoji,11,Environment,8,eSIM,1,EU,3,EU. News,1,Event,7,Events,4,Exploit,1,Face ID,20,Facebook,1,FaceTime,4,FBI,2,FCC,4,featured,12,Final Cut Pro,3,Firefox,1,Fitbit,1,FM,2,Foldable,1,Foldable iPhone,6,Fortnite,4,Forum,1,Foxconn,5,France,2,Galaxy S9,1,Game,3,Games,6,gaming,7,Geekbench,2,Germany,1,Gift,1,Gift Card,1,Google,31,Hack,7,Haptic Touch,2,Headphones,9,Health,32,HomeKit,10,HomePod,45,HowTo,78,Huawei,5,iCloud,13,iFixit,11,iMac,12,iMac Pro,3,iMessage,2,India,13,Intel,15,iOS,141,iOS 10,1,iOS 11,13,iOS 11.3,2,iOS 11.4,2,iOS 12,93,iOS 12.1,3,iOS 12.4,1,iOS 13,72,iOS 13.1,8,iOS 13.1.1,1,iOS 13.1.2,1,iOS 13.1.3,1,iOS 13.2,6,iOS 13.2.2,3,iOS 13.2.3,1,iOS 13.3,12,iOS 13.3.1,6,iOS 13.4,9,iOS 13.4.5,3,iOS 13.5,8,iOS 13.5.5,1,iOS 13.6,4,iOS 13.6.1,1,iOS 13.7,2,iOS 14,48,iOS 14.0.1,1,iOS 14.1,1,iOS 14.2,4,iOS 14.2.1,1,iOS 14.3,2,iOS 14.4,3,iOS 14.4.1,1,iOS 14.5,3,iOS 15,2,iOS 16,1,iOS 16.4,1,iOS 18,1,iOS 9,1,iOS beta,3,iOS11,32,iOS12,2,iPad,97,iPad 8,1,iPad Air,8,iPad Mini,2,iPad Pro,65,iPadOS,17,iPhone,250,iPhone 11,31,iPhone 11 Pro,13,iPhone 11 Pro Max,9,iPhone 12,15,iPhone 12 mini,2,iPhone 12 Pro,6,iPhone 13,3,iPhone 13 Pro,1,iPhone 14 Pro,1,iPhone 16,1,iPhone 20020,1,iPhone 2018,34,iPhone 2019,51,iPhone 2020,97,iPhone 2021,10,iPhone 2022,3,iPhone 2023,1,iPhone 3GS,1,iPhone 8,4,iPhone 8 Plus,1,iPhone 9,11,iPhone OS,1,iPhone SE,3,iPhone SE 2,26,iPhone SE 3,1,iPhone X,89,iPhone X Plus,1,iPhone XE,1,iPhone XR,32,iPhone XS,37,iPhone XS Max,4,iPhone2018,5,iPhones,3,iPhoneSE2,1,iPhoneX,1,iPod,6,iPod touch,8,iTunes,12,iWork,1,Jailbreak,25,Jony Ive,6,KaiOS,1,Keyboard,8,KGI,11,Kuo,40,Laptop,3,Lawsuit,11,LCD,1,Leadership,1,Leak,15,LG,9,Live Radio,1,Logic Pro X,3,Logo,2,Luna Display,1,M1,3,Mac,92,Mac App Store,1,Mac Mini,5,Mac OS 8.1,1,Mac Pro,18,MacBook,53,MacBook Air,21,MacBook Pro,69,macOS,77,macOS 10.14,33,macOS 10.15,38,macOS 10.16,1,macOS 11,12,macOS Big Sur,8,macOS Catalina,14,Magic Keyboard,2,Maps,2,Market,1,Media,1,Micro-LED,1,Microsoft,13,Mini-LED,7,Mother’s Day,1,MR,1,Music,1,Netflix,2,News,754,Newsm,1,NFC,1,Nike,2,Nomad,1,Notch,1,Nvidia,1,Office,1,OLED,7,Original Content,18,OS X,1,P30,1,Pangu,1,Patent,36,Patents,4,PC,2,Pixel,4,Pixel Slate,2,Podcast,3,Powerbeats,10,Privacy,19,Pro Display XDR,4,Project Titan,2,ProRes Raw,1,Qualcomm,12,RAM,3,Refurbished,5,Render,1,Repair,3,Reports,3,Retail,2,Review,2,Roku,1,Rumors,19,Safari,6,Samsung,31,SECURITY,25,Self-Driving,3,Services,6,Shazam,4,Shopping,1,Shortcuts,3,Singapore,1,Siri,22,Smartphones,7,Software,4,Spotify,8,Sprint,2,Steve Jobs,6,Stock,26,Subscription,6,Supply Chain,1,Support,27,Swift,1,T-Mobile,3,Tablet,1,TANT,2,TeamViewer,1,Technology,1,Tesla,2,TestFlight,1,Texture,2,TikTok,2,Tim Cook,39,Touch Bar,2,Touch ID,7,Tracker,2,Trade-In,1,Trump,6,TSMC,13,TV,4,TV+,2,tvOS,43,tvOS 12,23,tvOS 13,36,tvOS 13.2,1,tvOS 14,19,tvOS12,2,Twitter,2,UK,1,US,1,USB-C,3,VBucks,1,Verizon,1,Verzion,1,Video,1,VirnetX,1,Vision Pro,1,VR,4,Wallpaper,17,watchOS,53,watchOS 5,25,watchOS 6,39,watchOS 7,27,watchOS 8,1,Webcam,1,WiFi,1,Windows,4,Wireless Charging,16,WWDC,35,Xcode,3,Xiaomi,1,YouTube,3,
ltr
item
Loveios: WiFi Encryption Standard WPA2 Cracked, Put Billions Of Devices At Risk, While Apple Has Already Patched In iOS 11
WiFi Encryption Standard WPA2 Cracked, Put Billions Of Devices At Risk, While Apple Has Already Patched In iOS 11
https://i.ytimg.com/vi/2trs2GMG3NY/maxresdefault.jpg
https://i.ytimg.com/vi/2trs2GMG3NY/default.jpg
Loveios
https://www.loveios.net/2017/10/wifi-encryption-standard-wpa2-cracked.html
https://www.loveios.net/
https://www.loveios.net/
https://www.loveios.net/2017/10/wifi-encryption-standard-wpa2-cracked.html
true
1784436446950495761
UTF-8
Loaded All Posts Not found any posts VIEW ALL Readmore Reply Cancel reply Delete By Home PAGES POSTS View All RECOMMENDED FOR YOU LABEL ARCHIVE SEARCH ALL POSTS Not found any post match with your request Back Home Sunday Monday Tuesday Wednesday Thursday Friday Saturday Sun Mon Tue Wed Thu Fri Sat January February March April May June July August September October November December Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec just now 1 minute ago $$1$$ minutes ago 1 hour ago $$1$$ hours ago Yesterday $$1$$ days ago $$1$$ weeks ago more than 5 weeks ago Followers Follow THIS PREMIUM CONTENT IS LOCKED STEP 1: Share to a social network STEP 2: Click the link on your social network Copy All Code Select All Code All codes were copied to your clipboard Can not copy the codes / texts, please press [CTRL]+[C] (or CMD+C with Mac) to copy Table of Content