WPA2 Cracked - Watch out for attacks of your crypto holdings.

!! WPA2 Cracked !! !! WPA2 Cracked !!

Be ware when logging in to websites, remeber always use 2 step authentication.

During the Monday, the IT world was shaken by an alarming disclosure. Security scientists Mathy Vanhoef and Frank Piessens at the Katholieke Universiteit in Leuven, Belgium, presented a report showing that the widely used wifi encryption protocol WPA2 has been broken - which can have very serious consequences. In the worst case, millions of networks worldwide are now wide open for intrusion and interception.

The vulnerability utilization concept has been dubbed Key Reinstallation Attacks (KRACK), and is based on a four-way so-called "handshake" that is used to create a key for encryption of traffic. During the third step of that process, the key can be reset and resubmitted several times. If this is manipulated, a cryptographic "nonce" can be reused in a way that completely undermines the encryption. Research around the security hole has been going on for a long time but has hitherto been kept secret. However, the US Certification Body, US-Cert, has already issued a warning to one hundred organizations, where it wrote:

”US-CERT has become aware of several key management vulnerabilities in the 4-way handshake of the Wi-Fi Protected Access II (WPA2) security protocol. The impact of exploiting these vulnerabilities includes decryption, packet replay, TCP connection hijacking, HTTP content injection, and others. Note that as protocol-level issues, most or all correct implementations of the standard will be affected.”

Attackers may come across "all"
On November 1, during the ACM Conference on Computer and Communications Security in Dallas, researchers will present their results under a program entitled "Key Reinstallation Attacks: Force Nonce Reuse in WPA2". But today, the report was released on krackattacks.com (where you can read more about the technical details of vulnerability). The researchers explain that an attacker can exploit the serious weaknesses of the WPA2 protocol by using the key recovery attack described above. Specifically, attackers can use this attack technique to read information previously thought to be securely encrypted, enabling sensitive information such as credit card numbers, passwords, chat history, emails, photos, and other personal data to be stealed. The vulnerability, according to researchers, affects all modern wifi networks protected by WPA2. Depending on the network configuration that is running, the security hole also opens for attackers to inject and manipulate data, for example, different types of malware can be installed on a site.

The researchers also emphasize that vulnerability is not limited to individual products but is contained in the encryption protocol itself. To prevent the attack, users must update all affected products as soon as security updates become available. Furthermore, it is pointed out that most devices that support wifi with high probability are affected. The researchers survey showed that both Android, Linux, Apple, Windows, OpenBSD, MediaTek, Linksys and many others are affected by any variant of the attacks.

Android and Linux extra vulnerable
In the video below, the researchers demonstrate an attack on an Android smartphone, showing how the attacker can decrypt all data the victim sends. For an attacker this is easy to accomplish because this type of key recovery attack is extremely effective against just Linux systems and Android 6.0 or later. This is because Android and Linux can be tricked into installing an "all zero" encryption key. In the case of attacks against other devices, it is more difficult to decrypt all packages, even though a large number of packages can still be decrypted. In any case, the following demonstration highlights what kind of information an attacker can have when performing the attack on Wi-Fi networks protected by WPA2 encryption:

Reduce the risk of suffering
Something that contributes to an increased risk is not least that very many (most) routers are not automatically updated and that router manufacturers historically have no impressive track record of being quick to roll out patches for detected security holes. In many cases, it has unfortunately been delayed until a vulnerability is brought to the attention of the media before the manufacturers act - even though they are often warned about the problems far earlier. At present, at least some of the bears appear to be on fire, for example, Aruba and Ubiquiti, who both sell network products to companies, have already announced updates to fix the security hole. Whether it completely solves the problem is so far unclear. However, there are some steps you can take to minimize the risk of something:

• Use HTTPS as much as possible instead of HTTP. HTTPS is designed to protect you even over unsafe wireless connections.

• Do not send confidential data over unencrypted connections, as they are sent in plain text.

• Use VPN services to add an additional security layer.

• Do not use public wifi networks if it is not absolutely essential to life.

• Do not visit sites you do not fully trust and do not install software from unreliable sources.