# Krack attack



## james4beach (Nov 15, 2012)

*Wi-Fi networks are not secure*

Some important news came out today. A new type of attack has been discovered against Wi-Fi wireless network connections using the WPA2 security mode:

https://www.tomsguide.com/us/wifi-krack-attack-what-to-do,news-25990.html

WPA2 is considered the strongest Wi-Fi security available today, and is what just about all of us are using at home and work. However, due to the way WPA2 is implemented, it turns out that there is a way for an attacker to intercept the connection. This means that your home Wi-Fi network can be compromised.

Android 6.0 and later versions are particularly vulnerable due to the way the software was written on those mobile platforms. So if you're using a mobile device running Android 6 or newer, be especially careful.

You must regularly do your software updates to help patch against this problem. It's also a good general reminder that Wi-Fi connections are just not that secure. Even if you're visiting a web site that is https (SSL/TLS) protected, that does not offer total protection due to elements of web sites that are still unencrypted.

Myself, I prefer using a wired ethernet connection at home.


----------



## fatcat (Nov 11, 2009)

apple is moving to patch this https://www.macrumors.com/2017/10/16/krack-wifi-vulnerabilities-patched-apple-ios-macos/

more and more i feel safer on my ipad than i do on my mac laptop


----------



## AltaRed (Jun 8, 2009)

Microsoft patched it in their Oct 10th Win10 update bundle.


----------



## OnlyMyOpinion (Sep 1, 2013)

Oh oh, I see the white van is parked out on the street.


----------



## fatcat (Nov 11, 2009)

OnlyMyOpinion said:


> Oh oh, I see the white van is parked out on the street.


shite, is that james behind the wheel ? i knew it ! testing us to see if we are ready and then doing all his white-van-skulking-around wifi sniffing type stuff ...


----------



## GeoNomad (Aug 24, 2017)

As the article says, you should be using a VPN anyway.

It is interesting that this attack is the WiFi equivalent of the StingRay setup used by police to intercept cell phone traffic. I am surprised it took so long to discover it. My guess is that it has been known for a long time but not publicized.

_Even if you're visiting a web site that is https (SSL/TLS) protected, that does not offer total protection due to elements of web sites that are still unencrypted._

Actually, current versions of Chrome won't allow unencrypted content embedded in an encrypted https page.


----------



## testone (Oct 17, 2017)

Whilst the hack many be genuine possibilty what chance is there that the white van is out side your house right now? NONE!


----------



## fatcat (Nov 11, 2009)

they have to be actually on your network, the attack cannot be implemented merely over the internet which make the problem significantly less severe than it first appears


----------



## Plugging Along (Jan 3, 2011)

OnlyMyOpinion said:


> Oh oh, I see the white van is parked out on the street.





testone said:


> Whilst the hack many be genuine possibilty what chance is there that the white van is out side your house right now? NONE!


Crap, there has been a white van outside our house for a while now. Mind you are neighbor is a contractor. Can it be other coloured vans that are suspicious? 

Sorry, could t help myself as there really is a white van across the street. I am not too worried though as my spouseknew about this vulnerability, and it will take several factors to make a hack possible. That being said, I wonder now that it has been all over the news, will there be more tremors at hacking


----------



## Mzeus (Oct 17, 2017)

yeah i know it's very unsecure then better to connect with directly connection


----------



## sags (May 15, 2010)

The Canadian government is releasing top level malware software for free.


----------



## james4beach (Nov 15, 2012)

I merged these threads because it's the same issue. The Krack attack exploits a weakness in WPA2 to easily compromise WiFi networks.


----------



## OnlyMyOpinion (Sep 1, 2013)

Thanks for that James.

On the subject of VPN's, all are not equal in terms of security and privacy. So do your due diligence before choosing, particularly if you are being driven by 'lowest cost'.


----------

