[ALUG] Major flaw in WPA2
Andreas Tauscher
ta at geuka.net
Thu Nov 2 22:24:02 EAT 2017
On 16.10.2017 18:08, Howard Frederick via Linux wrote:
> This seems really, really bad.
Bad, but not so bad.
The most worse what happens: My home WiFi falling back to the security
level of a public hotspot.
And some statements in the article is not correct:
> "This can be abused to steal sensitive information such as credit card
> numbers, passwords, chat messages, emails, photos, and so on,"
This traffic is normally additional encrypted with TLS.
If you send your credit card numbers, emails etc... over unencrypted
connections first you have already a serious problem the bank, webshop
operator, bank.... has a much more serious problem.
Then there are other ways to steal your data.
Who is so careless with such data is surely more careless with other
things in his setup.
I don't have to sit in front of your house sniffing a lot of traffic.
The attack is not trivial.
You need a lot of recorded traffic.
You can not get the WPA2 password.
Only the WPA2 traffic can be decrypted. https eg remains encrypted.
It is a problem for may crappy IoT devices:
No update.
No encryption of the data sent received by the device.
Andreas
More information about the Linux
mailing list