WPA is the mechanism used to secure the vast majority of wifi AP<->client access. Over the summer, these guys made a presentation at the world's largest hacker conference indicating they had something big, and per industry standard operation they've kept the details quiet until now.
It will take some time to go from disclosure to exploit tools, so your wifi isn't instantly compromised, but it's only a matter of time from today to when tools may be available.
https://arstechnica.com/information-technology/2017/10/severe-flaw-in-wpa2-protocol-leaves-wi-fi-traffic-open-to-eavesdropping/
WPA2 obviously - and we're not talking about enterprise grade devices that should be using RADIUS, we're talking about home users and devices or users that are incapable of using anything else.
It's going to be easy pickings for some unscrupulous folks.
The article refers to WPA2, which is pretty much the standard wifi security protocol these days. To your point, if you're using WPA you're past due to upgrade.
Quote:
If you are using that it's 2005 and you are stupid. Of course it's exploitable it's why no serious admin would even touch it. That's akin to saying that not locking your front door is unsafe.
WPA2 obviously - and we're not talking about enterprise grade devices that should be using RADIUS, we're talking about home users and devices or users that are incapable of using anything else.
It's going to be easy pickings for some unscrupulous folks.
Guess it's time to fire up the ESX server and set up a domain controller and a radius server.
Keep that in mind as you gauge how much to panic. :)
The concern here is less the hosts and more the access points. So although your PC or Mac might be less vulnerable, the WiFi access point they're connecting to isn't (more than likely).
Basically dust off the dial-up modem... and get off the phone cuz I'm trying to sign on!
You know all those articles you read about how automation is going to catastrophically disrupt the job market over the next 20 years? Doesn't happen if just about all transactions aren't electronic over that timespan.
In layman's terms - the mechanism your WiFi router uses to encrypt the communications between the router and your computer (or laptop/smartphone) can be compromised.
The good news is that the attack focuses in on the client side - so having your laptops/computers/phones patched is the priority. A patched client communicating with an unpatched endpoint should remain secure.
The bad news is that you still want to patch the access points as well, and it's harder to patch hardware devices like routers, security cameras, printers, and vendors are slower to put out updates.
For right now - make sure that your computers are all configured to take the latest security updates and are updating regularly. Take a look at your WiFi access point and see if the manufacturer has any plans (or has made any statements) of releasing an update to your firmware.
If you have IoT devices like online cameras, printers, scanners, etc. - consider disabling the online functionality, or isolating them on your network if possible. Those are going to be a popular backdoor for this one.
Yeah, US-CERT has a tendency of faking news stories, when they're not busy controlling the weather.