Tag: Wi-Fi

21 June 2021 by Phillip Johnston • Last updated 14 October 2021A serious flaw in the WPA2 security algorithm which protects our Wifi networks was announced in October 2017. The attack vector is dubbed KRACK for “Key Reinstallation Attack.” The KRACK vector exploits a flaw in the WPA2 algorithm itself. Any correct implementation was likely to be affected. By exploiting the 4-away handshake protocol used to exchange encryption keys, a third-party can collect and replay the key installation message. This vulnerability enabled packet replays, packet forgery, packet decryption, or man-in-the-middle attacks. Defenses against KRACK were put into place and proven …

Continue reading “Wi-Fi Key Reinstallation Attacks”

21 June 2021 by Phillip JohnstonMay 2021 saw the public disclosure of FragAttacks, a collection of security vulnerabilities that affect Wi-Fi devices. Three of the vulnerabilities are design flaws in the Wi-Fi standard (one in frame aggregation, and two in frame fragmentation), and “experiments indicate that every Wi-Fi product is affected by at least one vulnerability and that most products are affected by several vulnerabilities”. These vulnerabilities allow an attacker to forge encrypted frames in various ways in order to exfiltrate sensitive data, regardless of the security protocol used. The FragAttacks website has this to say (emphasis mine): Fortunately, these …

Continue reading “Wi-Fi FragAttacks”