WPA2 hacked

[Trouble]

Woke up this morning to find many of my feeds full of this type of warning.....
https://arstechnica.com/information...l-leaves-wi-fi-traffic-open-to-eavesdropping/

Like I didn't already have enough to worry about after the Equifax hack.
Now we get to wait and see how vendors / manufacturers might come to our rescue with firmware patches to address this.

 

[Bif]

De-Lovely!....
The "unbreakable" becomes broken..it was only a matter of time.

 

[Trouble]

Some additional information if anyone is interested.
https://www.krackattacks.com/

Currently watching the forums for my TP-Link router to see if any firmware / patches are coming soon or at all.

 

[Bif]

Thanks for the heads up Trouble!.. will be contacting my ISP to see what they plan to do (or if they even know about it!)..as our modem/router is theirs.
Never a dull moment..

 

[Tim Locke]

All our main machines are on Ethernet. Just the tablets, phones and Roku devices on WiFi and we do not do financial transactions on any of them.

 

[Trouble]

will be contacting my ISP to see what they plan to do (or if they even know about it!)..as our modem/router is theirs.

I'm kind of in the same boat, although I don't actually use my ISP's provided wifi and instead have placed my own wireless router in the down-stream schema, which is in-turn wired to my ISP device.
Locally, I use Comcast which generally relies on a company called ARRIS to supply their hardware and as such it will probably be up to ARRIS to patch the vulnerability

Something that might be of particular concern is, in my area......
Comcast / xFinity is a big cable network ISP and all of their devices are used in a giant web-like mesh to create a huge hotspot type feature for their customers.
So technically (and I never do), I can (with my xFinity account) use any of their other customer's "hotspot" to connect wirelessly to the internet through that feature.
That doesn't expose any customer's local network as it is completely separate and independent but could certainly be a means of propagating the exploit.

What is even more interesting is......
The exploit was discovered in July, CERN issued their report in August and we're finding out about it today.

 

[Trouble]

Just the tablets, phones and Roku devices on WiFi

That's my primary concern right now, with my visiting children and grand children and their phones.
I think I might have to insist that they use their data plans for a while instead of my wireless.
That won't be a problem with mine as we have an unlimited LTE plan which often seems as fast or faster than my wireless.

 

[Tim Locke]

I also use my own router. Which is a couple of years old, has been superseded by the manufacturer so it wont get patched. As I understand this problem it needs a MITM attack on the data actually over wireless.
Sooooooo living in a solid brick house with a big yard I wonder if moving everything to the 5Ghz band would leave no signal outside the premises. The phones, tablets and Roku can all do 5Ghz.

 

[clifford_cooley]

Unless you are a high profile target, you likely have nothing to worry about anyway.

 

[Tim Locke]

I am sure you are correct. But I live near a big Uni so the density of 20 yr old hackers is probably higher than in Arkansas!

 

[Trouble]

I suppose there is still plenty to understand (at least for me) as to how this impacts how I go about my day to day.
Portable devices are just that..... portable and can be used outside my network. Can they then bring that exploit back into my network as a client carrier.
Also many portable devices, phones and tablets are almost always configured for something called "in-app" purchases so I don't know what financial information may be exposed if you've previously made an "in-app" purchase, and some of those apps if you look at their specs, want to interact with a lot of your other configured features.

 

[Norton]

I believe It's a big concern for the little guys. I doubt that high profile users use WPA2 to do business transactions.

Trouble Thanks! I have just contacted (email) Bell Canada Internet Security Support and asked how they intend to protect customers. I'll the forum updated.

 

[Bif]

I just got off the blower with Shaw, and much to my surprise (not) they knew NOTHING about it, but after giving them the URL that Trouble provided were very thankful.(shake my head)
Not holding my breath for a speedy patch or response but the ball's in their court now.

 

[Trouble]

Further information, including a "list" although far from exhaustive as to some devices that are patched or that patches are available for.
https://char.gd/blog/2017/wifi-has-been-broken-heres-the-companies-that-have-already-fixed-it

 

[Norton]

To me It's all mind boggling. These hackers are always one step ahead, they are the horse on the merry-go-round that no one can ever catch up to.

 

[Wolfie]

From the way I see it, a hacker must be within (guessing) 50 - 60 metres to hack you via WPA2, chances are they are sitting right under my window to hack me with my luck!.

Thanks for the heads-up @Trouble

 

[Norton]

My ISP is was aware of the problem and their techs are working with other ISP software security teams and are collaboratively currently working on a patch. They said that WPA2 was the most secure but that is no longer true. I seldom use my WiFi, but as Trouble mentioned the kids do when they come to visit.

 

[Bif]

To me It's all mind boggling. These hackers are always one step ahead, they are the horse on the merry-go-round that no one can ever catch up to.

I concur!... remember the good old days when the most pressing technical issue was over cooking the potato in the microwave?!..
How I long for those days again!

 

[Norton]

Bif With all the new appliance Bluetooth technology, you may find your neighbor dipping his bread in your gravy. LOL

 

[Bif]

No doubt! LOL!!
@Norton