Manufacturing News from the Engineered Designer Perspective

Latest Update on KRACK (Key Reinstallation Attack): the flaw in WPA2 protocal for WIFI systems

Belgian researchers, Mathy Vanhoef and Frank Piessens — who recently issued warnings concerning a bug in the WPA2 protocol, a widely used system for securing Wi-Fi communications — have made tools available to “detect whether an implementaiton of the 4-way handshake… is vulnerable to key reinstallation attacks.” Standard protocols, such as “changing the password” will not mitigate this vulnerability.

 

 

The researcheres emphasized: “luckily implementations can be patched in a backwards-compatible manner. This means a patched client can still communicate with an unpatched access point (AP), and vice versa. In other words, a patched client or access point sends exactly the same handshake messages as before, and at exactly the same moment in time. However, the security updates will assure a key is only installed once, preventing our attack. So again, update all your devices once security updates are available. Finally, although an unpatched client can still connect to a patched AP, and vice versa, both the client and AP must be patched to defend against all attacks!”

 

 

After the discovery of KRACK, the name given to the flaw in the system, the U.S. Department of Homeland Security Computer Emergency Response Team announced that the WPA2 protocol could be used to obtain personal information and read private communications over secure Wi-Fi. [See video below.]

Pre-shared password exploit

The problem with the system arose due to the protocol’s ability to connect devices with a pre-shared password. Vanhoef and Piessens explained that KRACK (Key Reinstallation Attack) “abuses design or implementation flaws in cryptographic protocols to reinstall an already-in-use key.” These “Wi-Fi handshakes” are used to generate session keys, which had previously remained secure. However, attackers are now able to grant access by connecting new devices to the in-use key, which is accomplished by manipulating the system and replaying handshake messages.


Cryptography teacher Matthew Green of Johns Hopkins University stated that the flaw would likely result into “a slew of TJ Maxxes.” This was, of course, referring to a 2007 cyberattack that granted hackers access to network-connected cash registers.

Vanhoef and Piessens warned that the majority of Wi-Fi users are now vulnerable to hacking attempts due to the bug. “If your device supports Wi-Fi, it is most likely affected.” Furthermore, they stated that the attack has been shown to “occur spontaneously if certain handshake messages are lost due to background noise.” Additional information pertaining to the flaw can be found on their website www.krackattacks.com.

 

 

On a positive note, companies like Symantec and Microsoft have offered users protection against these attacks. Norton is offering services to encrypt traffic and protect connected devices from hacking and identity theft. Microsoft Corporation has also released a security update for Windows, stating that users who update their systems either manually or through automatic updates will remain protected. Additionally, sites and services providing content over strict HTTPS will encrypt traffic from the browser to the server, allowing continued access without the risk of attack.

Latest Stories

“I will destroy humans” says life-like robot: Elon Musk’s claim that artificial intelligence poses a threat to mankind may be justified?

“I will destroy humans” says life-like robot: Elon Musk’s claim that artificial intelligence poses a threat to mankind may be justified?

It may have been a glitch, but during a media interview, a “smart learning” robot named Sophia declared: “Okay, I will destroy humans.”     Although this was in response to an interview question from a journalist, it came across as a little jarringly frightening — rather than as the joke that might have been…

Smart winery? Environmental Health Monitoring Technology to boost plant production; pilot with Ontario winery with Bell in partnership with Huawei

Smart winery? Environmental Health Monitoring Technology to boost plant production; pilot with Ontario winery with Bell in partnership with Huawei

Bell announced a new partnership with Ontario-based BeWhere, an Internet of Things (IoT) solutions company, and China-based tech company Huawei, the world’s largest telecommunications equipment maker. Huawei worked with Bell to develop “an environmental monitoring solution to help improve the health and quality of plants at the vineyard.” Steve Lu, President of Huawei Canada said:…

$6.5 million Small Business Innovation Challenge to develop technologies in “Vehicle Occupancy Detection” and “Digital Identity”

$6.5 million Small Business Innovation Challenge to develop technologies in “Vehicle Occupancy Detection” and “Digital Identity”

Funded by the Ontario Government, the Small Business Innovation Challenge is helping companies develop new technologies in Vehicle Occupancy Detection — used to detect how many people are in an automobile for high occupancy toll roads (HOT) — and Digital Identity to help secure government services. To date, $6.5 million has been allocated, with $3.76…

Ontario launches Autonomous Vehicle Innovation Network in Stratford to highlight privonce as the “go to” for Autonomous tech

Ontario launches Autonomous Vehicle Innovation Network in Stratford to highlight privonce as the “go to” for Autonomous tech

Ontario is reinforcing its status as a go-to destination for developing automated vehicles by launching AVIN, the Autonomous Vehicle Innovation Network, in Stratford. This unique demonstration zone is among the first of its kind in Canada and will allow researchers to hone the technology and test an AV in a wide range of everyday, real-life…

GO Transit may deploy hydrogen-power rather than electric; consults with Canadian fuel cell technology company that worked on world’s first hydrogen-powered train

GO Transit may deploy hydrogen-power rather than electric; consults with Canadian fuel cell technology company that worked on world’s first hydrogen-powered train

  Canadian hydrogen generation and fuel cell products developer Hydrogenics Corporation will formally undertake feasibility study for GO Transit to potentially deploy hydrogen-powered trains for Ontario. These trains have aleady proven successful in Europe, using technology developed in Canada at Hydrogenics. The Ontario Government announced the consultation yesterday, as part of its $13.5 billion RER…

100,000 watt laser firing 10,000 pulses per second would “deorbit” tons of dangerous space debris

100,000 watt laser firing 10,000 pulses per second would “deorbit” tons of dangerous space debris

The Extreme Univese Space Observatory telescope, originally built to detect cosmic rays, could be used to target space debris in orbit. According to scientists, a powerful laser can then be used to de-orbit space junk that endangers the International Space Station and other satelites. The laser system would be armed with a 100,000 wat ultraviolet…

Women will represent 50% of leadership positions at Oath (AOL-Yahoo merger) says CEO Tim Armstrong

Women will represent 50% of leadership positions at Oath (AOL-Yahoo merger) says CEO Tim Armstrong

In a move toward equality and inclusivity, Oath CEO Tim Armstrong has announced a mission to fill at least half of the company’s leadership positions with women by 2020. He had the opportunity to discuss this mission in a recent episode of CNN’s Boss Files with Poppy Harlow.     The CEO of Oath —…

Latest Update on KRACK (Key Reinstallation Attack): the flaw in WPA2 protocal for WIFI systems

Latest Update on KRACK (Key Reinstallation Attack): the flaw in WPA2 protocal for WIFI systems

Belgian researchers, Mathy Vanhoef and Frank Piessens — who recently issued warnings concerning a bug in the WPA2 protocol, a widely used system for securing Wi-Fi communications — have made tools available to “detect whether an implementaiton of the 4-way handshake… is vulnerable to key reinstallation attacks.” Standard protocols, such as “changing the password” will…

Bill Gates betting we can invent our way to a clean energy world

Bill Gates betting we can invent our way to a clean energy world

One of the world’s wealthiest businessmen and philanthropists hopes to serve as a catalyst in finding speedier solutions to the world’s climate change problems. Bill Gates of Microsoft has teamed with Mark Zuckerberg and a dozen or so other billionaires and high-profile institutions to launch the Breakthrough Energy Coalition. Gates has pledged $2 billion of…

A cloaking device possible? Stealth technology studies virtual invisibility through “irradiating with its own specific pattern”

A cloaking device possible? Stealth technology studies virtual invisibility through “irradiating with its own specific pattern”

Every kid has dreamed of being invisible at some point. Whether that stemmed from the desire to escape awkward encounters or dreams of being a spy and finding dirt on those around us, we have all been there. While true invisibility may not be possible, a recent study claims that we may be closer than…

1 2 3 73Next →

Other Popular News and Stories

  • Skilled labour shortage in world oil industry: report
  • FTG Aerospace to supply avionics to Rockwell Collins
  • Bombardier nearly ready to flight test CSeries
  • Economy managed slight growth in Q4, but shrank in December
  • Manufacturing the sole industry showing job losses in February
  • Canadian oil production up; producers turning to railways for shipment
  • Canadian business, except energy, had profitable Q4: Statistics Canada
  • GM investing $250 million at Ingersoll plant
  • Bombardier holds update on CSeries aircraft
  • RV industry has growing role in Canada's economy: study
  • Clean energy expected to surge as pv costs drop
  • Japex to buy into west coast LNG development
  • Canada keeping up pressure on US for Keystone XL approval
  • SPPCA's new landing gear facility opening in Mississauga
  • Volkswagen to produce super-efficient hybrid
  • DART Aerospace re-branding itself to reach wider markets
  • Miners struggling with higher costs, lower prices
  • BC refinery close to financing deal
  • Russian leasing company orders 42 CSeries jets from Bombardier
  • Pratt & Whitney Canada announces helicopter engine contracts