#CyberSecurityPulse: The Attack Against the WPA2 Encryption that Poses a Threat to Our Wireless Security

On October 16, a research has been published about an attack to the current recommended encryption standard for WiFi networks, WPA2. Although the risks to these networks are not new and attacks against WEP or WPA have already proliferated, making these protocols unsafe, the current scheme was considered robust. Until now.

The scope of the attack, proposed by Mathy Vanhoef and Frank Piessens and known as Key Reinstallation Attack (KRACK), exploits a severe weakness that would allow an adversary phisically located in the range of the wireless connection to have access to previously assumed information as safe. Once reviewed the information that has just been released, the consequences are serious if the attack is confirmed and would involve up to 10 different CVE whose content has not been published yet. However, that does not mean that all our connections are affected. The attack affects the WPA2 Wi-Fi networks and the most dangerous scenarios would assume the physical proximity of the attacker to the networks and would always affect the confidentiality of the communications within that WiFi network that would be potentially readable if they did not include another layer of additional encryption as HTTPS does for example. Under certain circumstances, the researchers have also been able to not only decrypt, but also inject packets into the network. In any case, the problem is still serious, because it would be expanding the range of attacks that have traditionally been implemented on public networks to a number of environments that we have assumed to be reliable.

Sharing the concern of the community while the full details are explained, the usual recommendations are still valid in this case. For those who are really concerned about the potential impact it has on their own wireless networks, they can always reinforce the security measures for home networks by considering them as public networks, for example by forcing connections through VPN and, overall, keeping up to date all the usual security elements to benefit from the security updates as soon as they are published. Being concerned is healthy and is well justified, but, at the same time, we have the obligation to face events that are happening live like this one with the appropriate serenity too.

The encrypted emails sent using Microsoft Outlook have been sent with an attached plaintext copy of the original encrypted content. This would expose the content of the emails to an attacker with access to the email server, one of the threat cases against which encryption tries to fight back. The vulnerability, which has been correspondingly classified as severe, has affected the S/MIME end-to-end encryption protocol which is precisely one of the most spread encryption standards for email communications.

Cryptocurrencies are experimenting a new wave. Satoshi Nakamoto’s Bitcoin has reached a new maximum after widely surpassing the figure of 5500 US Dollars per Bitcoin exchange rate for the first time since its appearance. Because of that, it has almost reached the 100 billion dollars of total market capitalization for the Bitcoin economy itself. As usual, such an increase has also boosted the exchange of many other cryptocurrencies which are also benefiting from the Bitcoin upswing so as to  almost reach new historical records in the case of Ethereum and relevant local maximums in several other cryptocurrencies such as Litecoin or Ripple.

The Australia’s foreign intelligence agency, the Australian Signals Directorate (ASD), admitted that a hacker has stolen over 30 GB of military documents. The hacker stole the huge trove of confidential data on military capabilities at an unnamed Department of Defence contractor. The ASD spokesperson Mitchell Clarke, confirmed that not “top secret” data was compromised, but it included information not publicly accessible.

The Active Cyber Defense Certainty Act (ACDC) amends the Computer Fraud and Abuse Act to make limited retaliatory strikes against cyber-miscreants legal in America for the first time. The bill would allow hacked organizations to venture outside their networks to identify an intruder and infiltrate their systems, destroy any data that had been stolen, and deploy “beaconing technology” to trace the physical location of the attacker.

Disqus confirmed a database breach impacting some data for 17.5 million users and including information dating back to 2007. “The snapshot includes email addresses, Disqus user names, sign-up dates, and last login dates in plain text for 17.5mm users,” Jason Yan, the company’s CTO, wrote in a blog post. Additionally, passwords (hashed using SHA1 with a salt; not in plain text) for about one-third of users were included.&nbsp

Sign up for our newsletter!