Influence on almost all Wi-Fi equipment such as smartphone · PC WPA 2 itself vulnerability What is "KRACK" and measures?

Security protocol for network equipment such as router "WPA 2Is adopted by many devices as a protocol for protecting security in Wi-Fi networks. Such WPA 2 has serious vulnerability "key reinstallation attacks (KRACK) "ExistsDistriNet Research GroupofMathy VanhoefMr. pointed out. With this KRACK, it is possible to steal confidential information such as credit card information, passwords, mails, photos, even from a completely protected Wi - Fi network, so that the threat of KRACK Has been reported.

KRACK Attacks: Breaking WPA 2
https://www.krackattacks.com/


Serious flaw in WPA 2 protocol lets attackers intercept passwords and much more | Ars Technica
https://arstechnica.com/information-technology/2017/10/severe-flaw-in-wpa2-protocol-leaves-wi-fi-traffic-open-to-eavesdropping/

Wi-Fi security has been breached, say researchers - The Verge
https://www.theverge.com/2017/10/16/16481136/wpa2-wi-fi-krack-vulnerability

KRACK, a vulnerability of WPA 2, does not have problems with the code implemented on individual products, and there is a problem with the Wi - Fi standard itself. Therefore, network equipment implementing WPA 2 and devices supporting Wi-Fi may all be attacked using KRACK. According to the survey, Android, Linux, Apple, Windows, OpenBSD, MediaTek, Linksys etc are all influenced by variants of KRACK.

Mr. Vanhoef has released a movie showing how KRACK attacks were carried out against Android smartphones as proof of concept. In the movie, all the data transmitted by the Android terminal connected to the protected Wi-Fi network has been successfully decrypted and stealed,HTTPSIt is clear that it is possible to bypass even secure communication such as.

KRACK Attacks: Bypassing WPA 2 against Android and Linux - YouTube


If KRACK is used, not only data decoding,Packet sniffingAnd terminal hijacking, it is also possible to charge malware in secret.

A vulnerability affecting countless digital devices all over the world, a website for Blackberry usersCrackBerry.com"Points for safe living without being influenced by KRACK" are cited.

Everything you need to know about KRACK, the WPA 2 Wi-Fi vulnerability | CrackBerry.com
https://crackberry.com/everything-you-need-know-about-krack-wpa2-wi-fi-vulnerability


The first thing that is mentioned is "not using public Wi-Fi". Even in "protected network" provided by Google and others, KRACK will bypass, so you should avoid using it. However, if the connection is protected using TLS 1.2, it seems that the connection with that service is secure. In addition, if you have a trusted paid VPN service, CrackBerry.com recommends that you always use a paid VPN service until you can establish safety with another network connection method. And even if it is free, it is necessary to avoid using other VPN services until safety can be confirmed.

In addition, if you have a port that connects an Ethernet cable to both your router and your computer, it is recommended to use a wired network. Because KRACK only affects the 802.11 traffic of the digital terminal connected to the Wi - Fi router, it will not be affected if you use wired connection.

Also, according to CrackBerry.com, in attacks using KRACK, bank information, Google's password,End-to-end encryptionIt seems that it is not possible to steal data from a connection using a method.

ByWilliam Iven

After the existence of KRACK became clear, Google said in a statement that all Wi - Fi enabled devices will be affected, but Android 6.0 and later Android terminals may be affected specially. Please note that the ratio of Android 6.0 or later is41%It seems to be also. However, we also reveal that Google will distribute the patch for KRACK with the security update of November 6, 2017.

In addition, Apple is supposed to make corrections that correspond to KRACK with software update within a few weeks, and Microsoft is a security update on October 10, and correspondence to KRACK isI am done.It is revealing that.

For details on KRACKBlack Hat Europe 2017It is scheduled to be explained in.