Harmony Central Forums
Public Service Announcement: Wi-Fi vulnerability...everywhere

  • Public Service Announcement: Wi-Fi vulnerability...everywhere

    I guess it was bound to happen sooner or later.

    A research team in Belgium just published a fairly straightforward methodology for hacking WPA2, the most widely used Wi-Fi encryption standard. Most Wi-Fi systems use WPA2.

    In a nutshell, it works like this: Using a Wi-Fi enabled device, the attacker runs a piece of software that clones an available, encrypted Wi-Fi network onto another channel, and begins acting as your Wi-Fi router, without your knowledge. It simulates the handshake your device expects from the legit network, tricking you into thinking you are connected to a secure network. At that point, all of your non-encrypted traffic is already vulnerable. If the malicious clone router encounters https (encrypted) traffic from your device, it tries to redirect that traffic to non-https versions of web sites, so that data normally encrypted between a web server and a browser won't be encrypted. Traffic between your device and the web can then be recorded "in the clear." If you enter a login, credit card, or other sensitive data, it will be logged by the malicious router.

    This vulnerability is pretty much everywhere. Your house. Your office. Starbucks. Your favorite pizzeria. The public library.

    What can you do to protect yourself?

    1) If you can use a wired connection, do so. Not vulnerable to this.

    2) Start visiting your router manufacturer's web site, and look for bulletins and patches. Apply as soon as possible.

    3) Same for your phone, tablet, laptop or desktop. Any device with Wi-Fi capability and the WPA2 protocol can be hacked like this.

    4) Be REALLY wary when using public Wi-Fi. Companies like Starbucks, who market connectivity as a retail store benefit, will move quickly to address this, but expect this vulnerability to exist in the wild for a very long time.

    It sucks, but all we can do is patch and be wary.

    More details:

    https://www.wordfence.com/blog/2017/10/krack-and-roca/




    Current global warming temperature trend: 0.05ºC per decade, plus or minus 0.1ºC (source: UN IPCC AR5) ...Yes, the error rate is higher than the estimated rate of change.

    "Anthropogenic global warming is a proposed theory whose basic mechanism is well understood, but whose magnitude is highly uncertain. The growing evidence that climate models are too sensitive to CO2 has implications for the attribution of late-20th-century warming and projections of 21st-century climate. If the recent warming hiatus is caused by natural variability, then this raises the question as to what extent the warming between 1975 and 2000 can also be explained by natural climate variability." --Dr. Judith Curry, chair of the School of Earth and Atmospheric Sciences at the Georgia Institute of Technology
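
One way to spot the cloned network described in the post above from the defender's side, shown as an added example that is not part of the original post: flag any network name and access point address (BSSID) that is advertised on more than one channel at about the same time. The record format, the sample data, the function names and the 60-second window are assumptions made for this illustration.

```python
from collections import defaultdict

# Constructed sample records (not a real capture), one beacon sighting per line:
# "epoch_seconds bssid channel ssid"
SAMPLE_SCAN = """\
1508200000 a4:2b:8c:11:22:33 6 HomeNet
1508200001 a4:2b:8c:11:22:33 1 HomeNet
1508200001 c0:ff:ee:00:00:01 11 CoffeeShop Guest
1508200002 c0:ff:ee:00:00:02 1 CoffeeShop Guest
1508200003 a4:2b:8c:11:22:33 6 HomeNet
"""

def parse_scan(text):
    """Yield (timestamp, bssid, channel, ssid); skip malformed lines."""
    for line in text.splitlines():
        parts = line.split(None, 3)
        if len(parts) != 4 or not (parts[0].isdigit() and parts[2].isdigit()):
            continue
        yield int(parts[0]), parts[1].lower(), int(parts[2]), parts[3]

def find_cloned_networks(text, window=60):
    """Return {(ssid, bssid): [channels]} for every access point identity seen
    on more than one channel within `window` seconds."""
    sightings = defaultdict(list)
    for ts, bssid, chan, ssid in parse_scan(text):
        sightings[(ssid, bssid)].append((ts, chan))
    alerts = {}
    for key, obs in sightings.items():
        flagged = set()
        for ts, chan in obs:
            # Channels this same identity used close in time to this sighting.
            nearby = {c for t, c in obs if abs(t - ts) <= window}
            if len(nearby) > 1:
                flagged |= nearby
        if flagged:
            alerts[key] = sorted(flagged)
    return alerts

if __name__ == "__main__":
    for (ssid, bssid), chans in find_cloned_networks(SAMPLE_SCAN).items():
        print(f"ALERT: {ssid!r} ({bssid}) advertised on channels {chans}")
```

A network served by several access points with different addresses is not flagged, and neither is an access point that moves to a new channel outside the time window.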

  • #2
    THANKS FOR sharing !! )

    __________-------------------------------------__________________________---------------
    "If you can't explain it simply, you don't understand it well enough." ---Albert Einstein

    What is more liberal than this ?? )
    We the People of the United States, in Order to form a more perfect Union ...



    • #3
      Originally posted by sirfun:
      THANKS FOR sharing !! )

      Sure.

      Let me know if you need me to send you your password.



    • #4
      Will my bitcoins be safe!?



      • #5
        Thanks. I normally turn off WiFi on my phone when I'm in public and I never do anything sensitive over WiFi in the first place.
        Official HCAG “Theory-Challenged Hack”
        Member of the IBANEZ ACOUSTIC ASSASSINS
        Proud Member of The Alvarez Alliance
        Member of the Schecter Society
        Person-2-Person on the Web



        • #6
          I have unlimited cellular data. I don't use WIFI unless I'm at work or at home.



          • #7
            Thanks for the data. I've always used hardwire for my home systems - I've never trusted wifi for just this reason. Cellular on the phone as well, like Moog (above). I'll pass it along to friends and family.
            ---------------------------------------------------------------------------------
            Originally Posted by MattACaster : *Runs 2 blocks down the street to Guitar Center, grabs detuned Schecter off the wall, plugs into Line6 Spider and proceeds to bring teh brootalz*



            • #8
              Originally posted by goodhonk:
              Will my bitcoins be safe!?
              All your bitcoins are belong to us.

              **********

              "Look at it this way: think of how stupid the average person is, and then realize half of 'em are stupider than that."

              - George Carlin

              "It shouldn't be expected that people are necessarily doing what they appear to be doing on records."

              - Sir George Martin, All You Need Is Ears

              "The music business will be revitalized by musicians, not the labels or Live Nation. When the musicians decide to put music first, instead of money, the public will flock to the fruits and the scene will be healthy again."

              - Bob Lefsetz, The Lefsetz Letter



              • #9
                Originally posted by flemtone:
                Thanks for the data. I've always used hardwire for my home systems - I've never trusted wifi for just this reason. Cellular on the phone as well, like Moog (above). I'll pass it along to friends and family.
                I use wifi quite a bit at home, but never when I'm anywhere else. I might have to rethink that in light of this.


                • #10
                  Hardwired and don't have a cell phone.

                  Fisher House Foundation



                  • #11
                    Originally posted by Phil O'Keefe:
                    I use wifi quite a bit at home, but never when I'm anywhere else. I might have to rethink that in light of this.
                    If you can get patches for the devices you use at home, you'll be good to go. And somebody would have to be in range of your home network to do the cloning. This is not an attack that can be done remotely. The hacker has to be able to receive the Wifi radio signal.




                    • #12
                      Originally posted by rbstern:

                      If you can get patches for the devices you use at home, you'll be good to go. And somebody would have to be in range of your home network to do the cloning. This is not an attack that can be done remotely. The hacker has to be able to receive the Wifi radio signal.
                      True - time to check the wifi routers for patches... thanks for bringing this to everyone's attention!


                      • #13
                        I 'spect livin' in tha' boonies is gonna help this old feller. Now, what's this here "wifi" y'all tawkin' about? I gotta cellphone tho. It weights about 5 pounds and has a two foot antenna stickin' outta it.



                        • #14
                          I had a look at my manuf. page on this, and found something interesting, highlighted:
                          NETGEAR is aware of WPA-2 security vulnerabilities that affect NETGEAR products that connect to WiFi networks as clients. These vulnerabilities are potentially exploitable under the following conditions:
                          • Your devices are only vulnerable if an attacker is in physical proximity to and within wireless range of your network.
                          • Routers and gateways are only affected when in bridge mode (which is not enabled by default and not used by most customers). A WPA-2 handshake is initiated by a router in bridge mode only when connecting or reconnecting to a router.

                          https://kb.netgear.com/000049498/Sec...-PSV-2017-2837

                          I'm not sure if this condition is specific to NETGEAR routers, or if it is a general statement about the vulnerability and bridge mode across routers in general though.
                          http://www.harmonycentral.com/t5/Electric-Guitars/I-smeared-bacon-fat-on-my-strat-now-it-stinks/td-p/16697195



                          • #15
                            Interesting - if that's true of other brands as well, then the routers may be less vulnerable than I originally thought...

                            I tried checking with my cable provider last night - no surprise, but they didn't have anything up about it, and they supplied my current wifi router. I'll have to check it to see if it carries any brand identifiers and then check with the manufacturer's site.













