This is a core protocol-level flaw in WPA2 wi-fi and it looks bad. Possible impact: wi-fi decrypt, connection hijacking, content injection.https://twitter.com/vanhoefm/status/919517772123721728 …
-
Show this thread
-
Replying to @kennwhite
All of this was already possible assuming the attacker knows the wifi password (e.g. w/arp poisoning), which you should generally assume.
1 reply 0 retweets 1 like -
Replying to @RichFelker @kennwhite
Sounds like a new attack to me, how does arp poisoning reveal the WiFi password? Don’t you already need to be on WiFi to send arp packets?
1 reply 0 retweets 1 like -
Replying to @RoganDawes @kennwhite
I said assuming they are on the network/do know the password. This is the norm. It's certainly true for public networks (eg cafes)...
2 replies 0 retweets 0 likes -
Replying to @RichFelker @kennwhite
Not sure how that is relevant to this research, though? This is about gaining access without knowing the psk.
1 reply 0 retweets 1 like -
Replying to @RoganDawes @kennwhite
Right. I'm saying that, for most ordinary real world users, the research does not introduce a threat they didn't already face.
1 reply 0 retweets 0 likes
It's interesting research but threat is mostly to enterprise users (secret psk or non-psk) mistakenly trusting the network layer.
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.