KRACK Kills! Or At Least It Will Compromise All Your Wifi Traffic!

DroidModderX

Super Moderator
Staff member
Premium Member
Joined
Oct 6, 2011
Messages
5,782
Reaction score
2,132
logo-small-png.77980

Security researchers have found a way to decrypt WPA 2 Wi-Fi security protocol. The KRACK hack (Key Re-installation Attacks) are apparently exceptionally devastating against Linux and Android 6.0 or higher, but can affect all Wi-Fi devices. According to researchers it is "trivial" to intercept and manipulate traffic sent by Linux and Android devices. This leaves about 41% of Android devices open to this "exceptionally devastating" version of the attack.

You will want to stay away from Wi-fi until your OEM sends out an update patching KRACK for your device. Manufacturers of routers are already sending out patch updates. Even things like Wi-Fi cameras can be compromised enabling someone to tap into a live feed of cameras in your home. To remain as safe as possible you should avoid using all Wi-Fi devices until they have been patched.

If you must use wifi use encrypted sites and VPNs. Also be sure you are using https instead of http. There are even browser extensions that can add that s to all of your surfing.

via Krackattacks.com
 

Attachments

  • logo-small.png
    logo-small.png
    8.4 KB · Views: 2,487

Sajo

Diamond Member
Joined
Jan 25, 2013
Messages
20,705
Reaction score
16,836
Location
Tennessee
Current Phone Model
Pixel 7 Pro
Compromise ALL traffic?

Sent from my XT1650 using Tapatalk
 

Sajo

Diamond Member
Joined
Jan 25, 2013
Messages
20,705
Reaction score
16,836
Location
Tennessee
Current Phone Model
Pixel 7 Pro
fortunately they have to be in wifi range to get you. hopefully you can trust your neighbors.
Most of my neighbors are good people that I trust with the keypad to my garage door remote. The few I don't know well are not smart enough to hack my WiFi. This is what I don't get about these vulnerabilities, articles like this say "don't use WiFi..." etc. and will probably scare the crap out of some people. As you stated, the hacker has to be within range of your WiFi signal to pull this off. And they have to know how to employ the hack, and have the equipment to pull it off. I have a better chance of winning the next Powerball than I do of someone hacking my home WiFi. Now...with that being said, I would avoid unknown public WiFi unless they are clearly advertising that their WiFi equipment has been patched. As a general rule of thumb I never connect my phone to public WiFi, too many unknowns.

Sent from my XT1650 using Tapatalk
 
Last edited:
R

RETG

Guest
My neighbors are not close enough and never come over. They drive by and see Tahoes and Suburbans with US government "J" plates in the driveway so I'm assuming they don't want to visit me. :DBut it is a great way to keep isolated from nosy the neighbors.:eek:
However, I also do not use public WIFI. I'll stick to Verizon 4G or my home WIFI system.
 

Sajo

Diamond Member
Joined
Jan 25, 2013
Messages
20,705
Reaction score
16,836
Location
Tennessee
Current Phone Model
Pixel 7 Pro
I don't like being the bearer of bad tidings, particularly as this is my first post on this forum, but it's something Android users need to be aware of . . . particularly Android 6.0 users such as myself:

How the KRACK attack destroys nearly all Wi-Fi security
Welcome to the Forum. Thanks for sharing. It's all kind of the same stuff, no matter who we quote. What they are not saying in any of these articles is what I have said a few times...

The hacker would have to be within range of your WiFi signal, have the technology to employ the hack, and the sophistication to know how to do it, and a reason to pick your WiFi over every other wifi signal in the area. I know it's scary and dangerous....but so is driving to work every day. I still think we all have a better chance of winning the lottery than actually being hacked.

Sent from my XT1650 using Tapatalk
 

me just sayin

Diamond Member
Joined
Jun 7, 2017
Messages
5,029
Reaction score
4,456
Location
35.7051° N, 89.9695° W
Current Phone Model
Note 8
what I find interesting is a lot of companies are not creating a fix for this at this time. they feel it is not that big of a threat because of how hard it is to do.
 

bld522

New Member
Joined
Oct 18, 2017
Messages
4
Reaction score
0
Current Phone Model
Moto G3
Welcome to the Forum. Thanks for sharing. It's all kind of the same stuff, no matter who we quote. What they are not saying in any of these articles is what I have said a few times...

The hacker would have to be within range of your WiFi signal, have the technology to employ the hack, and the sophistication to know how to do it, and a reason to pick your WiFi over every other wifi signal in the area. I know it's scary and dangerous....but so is driving to work every day. I still think we all have a better chance of winning the lottery than actually being hacked.

Sent from my XT1650 using Tapatalk
Thanks, Sajo. The notion that Android 6.0 is possibly the most vulnerable platform to a KRACK attack is concerning. That's why I posted the Ars Technica article. It just seems as if every time I turn around, sensitive information is being hacked and security protocols are being demolished. I'm currently involved in at least three catastrophic data breaches . . . one from one of the largest providers of web-based email, one from one of the largest providers of health insurance, and one from one of the largest credit monitoring companies on the planet. At least two of these will result in class-action lawsuits if not all three. How much longer will it be before the term "data security" becomes an oxymoron? Or are we there already?
 

Sajo

Diamond Member
Joined
Jan 25, 2013
Messages
20,705
Reaction score
16,836
Location
Tennessee
Current Phone Model
Pixel 7 Pro
Thanks, Sajo. The notion that Android 6.0 is possibly the most vulnerable platform to a KRACK attack is concerning. That's why I posted the Ars Technica article. It just seems as if every time I turn around, sensitive information is being hacked and security protocols are being demolished. I'm currently involved in at least three catastrophic data breaches . . . one from one of the largest providers of web-based email, one from one of the largest providers of health insurance, and one from one of the largest credit monitoring companies on the planet. At least two of these will result in class-action lawsuits if not all three. How much longer will it be before the term "data security" becomes an oxymoron? Or are we there already?
As long as we live in this modern world of cell phones, tablets, laptops, WiFi everywhere, and the Internet there will always be another vulnerability lurking around the corner. As soon as this KRACK thing blows over, patched, etc. there will be yet another scary vulnerabilty that makes the news and scares the crap out of us. Then another after that one, etc, etc. I think it's the sad but true state of the world we live in.

Sent from my XT1650 using Tapatalk
 

bld522

New Member
Joined
Oct 18, 2017
Messages
4
Reaction score
0
Current Phone Model
Moto G3
As long as we live in this modern world of cell phones, tablets, laptops, WiFi everywhere, and the Internet there will always be another vulnerability lurking around the corner. As soon as this KRACK thing blows over, patched, etc. there will be yet another scary vulnerabilty that makes the news and scares the crap out of us. Then another after that one, etc, etc. I think it's the sad but true state of the world we live in.

Sent from my XT1650 using Tapatalk
It's not just the attacks and the breaches that concern me. It's the chaos that those with bad intent can inflict on us once they decide to weaponize the data by which society identifies us and tracks our activities. I'm sure you've heard horror stories concerning the damage inflicted on those who have had their identities stolen. Now imagine that happening on a grand scale and perhaps you'll have an idea where my concern lays.

To my way of thinking, any vulnerability on the scale of the KRACK attack needs to be looked at as if it were a national security threat. And we need to develop a new way of identifying our citizens that doesn't make us easy targets. Unfortunately, I don't think anyone in the government is taking that seriously. But I suspect it's only a matter of time before circumstances force them to.
 

Sajo

Diamond Member
Joined
Jan 25, 2013
Messages
20,705
Reaction score
16,836
Location
Tennessee
Current Phone Model
Pixel 7 Pro
I have been part of 2 large Government record breaches and fully understand the seriousness of identity theft. It was a not much fun to worry about that for a year or so to verify nothing bad happened and my identity was safe.

Even before this KRACK thing reared its head I don't use public WiFi....ever. And I feel safe that my home WiFi is safe.

Sent from my XT1650 using Tapatalk
 
Top