Stories
Slash Boxes
Comments

SoylentNews is people

posted by martyb on Wednesday June 09, @05:53AM   Printer-friendly
from the wireless-infidelity dept.

New Vulnerabilities in Wi-Fi Security Revealed:

[Mathy] Vanhoef, who is affiliated with KU Leuven and New York University Abu Dhabi, found three vulnerabilities in the Wi-Fi security protocol. He also identified several programming errors in devices with Wi-Fi connections. For the study, he tested 75 devices, including smartphones, laptops, and smart devices. All devices that were tested were vulnerable to at least one of the discovered flaws.

The weaknesses found in the Wi-Fi security protocols are very difficult to exploit, which may explain why they remained under the radar for a long time: Vanhoef found them in the current WPA3 protocol, but also in all previous security protocols, dating back to 1997.

[...] The programming errors that Vanhoef found in Wi-Fi devices are especially problematic for smart appliances and computers that have not been updated in a long time because it is easier to abuse them in these cases.

[...] There is no immediate cause for concern. “It’s impossible to tell if these flaws have already been abused. It seems rather unlikely because they went unnoticed for so long.” Over the past nine months, Vanhoef worked closely with many major IT companies, including Google and Microsoft, to fix the weaknesses. This happened via the Wi-Fi Alliance, an association of IT companies that jointly own and control the Wi-Fi trademark. Yesterday, they launched the necessary updates to fix the flaws.

[...] Visit fragattacks.com for more information about the discovered weaknesses.

He has created a website fragattacks.com which goes into considerable detail outlining the various flaws that were discovered. There are also links to tools that he has made available including a bootable live image. There is also a 6m30s video demonstration available on YouTube.


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 0) by Anonymous Coward on Wednesday June 09, @06:52AM (2 children)

    by Anonymous Coward on Wednesday June 09, @06:52AM (#1143453)

    this is the travesty of alwayson connected devices, not like security and updates were not a thing before wifi.

  • (Score: 0) by Anonymous Coward on Wednesday June 09, @09:48AM (1 child)

    by Anonymous Coward on Wednesday June 09, @09:48AM (#1143472)

    I wonder, why is wifi secured/authenticated in the first place? In principle every system and communication on a (wireless) network should be secure. Lets say all wifi APs would be open and everyone could connect to them to get network/internet access.

    If the infrastructure of the network and the services would be completely separated that would mean the whole authentication/securing would be not needed.

    See it as a lake/sea with ports/harbours, yet with wifi there would be a large fence around that lake/sea.

    • (Score: 0) by Anonymous Coward on Wednesday June 09, @12:51PM

      by Anonymous Coward on Wednesday June 09, @12:51PM (#1143499)

      Wifi "security" is like a lock on a screen door. The only secure wireless network is one that's turned off.