Flaws in Wifi protocol WPA2

WPA2 Protocol is exploitable and exploit Video is available online!!!

WPA2 Exploit video available publicly_WPA2 Broken_WPA2 Exploit_Suman Tiwari_Zeynep Didem Akinoglu

WPA2 Exploit video available publicly at https://www.youtube.com/watch?v=Oh4WURZoR98

Earlier WPA2 protocol was considered secure but now its practical exploit is available publicly. WPA2 has a flaws which allows the installation of previously used keys in the WPA2 handshake

Please visit this demo link for more details

Also visit this nice read on WPA2 exploit here

Microsoft has already fixed the Wi-Fi attack vulnerability by releasing a Patch for it. For detail please visit this link

Hats off and God Bless those who still uses very weak protocol like WEP. 🙂

Refernces

• https://www.krackattacks.com/ • https://cwe.mitre.org/data/definitions/323.html

• https://papers.mathyvanhoef.com/ccs2017.pdf • https://www.kb.cert.org/vuls/id/228519

• https://www.wi-fi.org/news-events/newsroom/wi-fi-alliance-security-update

• https://forum.mikrotik.com/viewtopic.php?f=21&t=126695 • https://github.com/vanhoefm/krackattacks-test-ap-ft

• https://twitter.com/vanhoefm/status/920637745768402945

• https://exchange.xforce.ibmcloud.com/collection/396ecb6880625d6e58dd7636b7c8 e8fd • http://appleinsider.com/articles/17/10/16/apple-confirms-krack-wi-fi-wpa-2-attackvector-patched-in-ios-tvos-watchos-macos-betas

• https://www.theverge.com/2017/10/16/16481818/wi-fi-attack-response-securitypatches • http://www.zdnet.com/article/here-is-every-patch-for-krack-wi-fi-attack-availableright-now/

• https://www.theregister.co.uk/2017/10/16/wpa2_krack_attack_security_wifi_wirele ss/

• https://arstechnica.com/information-technology/2017/10/how-the-krack-attackdestroys-nearly-all-wi-fi-security/

• EC-COUNCIL website and magazine

Important Vendor Links

• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa20171016-wpa

• http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt

• http://svn.dd-wrt.com/changeset/33525 • https://github.com/espressif/ESP8266_NONOS_SDK

• https://github.com/espressif/ESP8266_RTOS_SDK

• https://github.com/espressif/esp-idf • https://w1.fi/security/2017-1/

• https://kb.netgear.com/000049346/WNDAP350-Firmware-Version-3-7-7-0

• https://kb.netgear.com/000049349/WNAP320-Firmware-Version-3-7-7-0

• https://kb.netgear.com/000049353/WAC120-Firmware-Version-2-1-5

• https://kb.netgear.com/000049065/WAC505-WAC510-Firmware-Version-1-5-3-7

• https://kb.netgear.com/000049351/WND930-Firmware-Version-2-1-3

• https://kb.netgear.com/000049345/WNDAP660-Firmware-Version-3-7-7-0

• https://kb.netgear.com/000049348/WNAP210v2-Firmware-Version-3-7-7-0

• https://kb.netgear.com/000049001/WAC720-WAC730-Firmware-Version-3-7-12-0

• https://kb.netgear.com/000049350/WNDAP620-Firmware-Version-2-1-4

• https://kb.netgear.com/000049352/WN604-Firmware-Version-3-3-8

• http://support.toshiba.com/support/staticContentDetail?contentId=4015875&isFromT OCLink=false

• https://community.ubnt.com/t5/UniFi-Updates-Blog/FIRMWARE-3-9-3-7537-for-UAPUSW-has-been-released/ba-p/2099365

• http://www.zyxel.com/support/announcement_wpa2_key_management.shtml

• https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10827&cat=SIRT_1&ac tp=LIST

• https://usn.ubuntu.com/usn/usn-3455-1/

• http://www.icasi.org/wi-fi-protected-access-wpa-vulnerabilities/

• https://access.redhat.com/errata/RHSA-2017:2907

• https://www.debian.org/security/2017/dsa-3999