Vulnerability in WPA2 Wifi Security

Is there plans to fix this?

My God do you mean someone has reinstalled an already-in-use key and is siphoning off all of my stored episodes of Green Acres and Mr. Ed?.

The reinstallation attack is a form of replay attack, where an attacker
tricks a victim into reinstalling an already-in-use key. The researchers
explain that the way a KRACK attack works is by manipulating and
replaying handshake messages. Of note, the researcher emphasizes that
the KRACK attack methods do not actually reveal the password of a WPA2
protected WiFi network. Additionally the crack attacks do not recover
any parts of a fresh encryption key that is negotiated during the 4-way

1 Like

Yes, it was me, I really needed those episodes, sorry :stuck_out_tongue:

While IT security exploits can be exaggerated at times, they shouldn’t be flippantly dismissed. It just takes one clever advisory to exploit a weakness in a new and unique way to cause someone a lot of troubles.It’s my opinion that any company that doesn’t apply a patch in a reasonably time should be be held fully accountable. If no patch is released in a resolvable amount of time, the product should be considered defective and a class action suite should be pursued…

I agree except going too far in the other direction would also be discouraged and threats avoided

I have an ISP router and behind that my own higher powered router. Powerline adapters, multiple WIFI extenders, multiple PCs, phones, tables, smart TV, and multiple types of media players.

Once I start to fear that a credit card number being transferred via WIFI from my tablo to someplace in the ether of the WEB rises to the same level as all the other potential crack attacks, I’ll check myself into a psychiatric hospital.

LOL That is hilarious you make that assumption

I have been in IT for 20 plus years, but I am not going to rush to judgment on anything. Especially when this was just announced.

I can tell you Tablo will have to wait for an update to the embedded OS that they can’t just patch themselves it is not developed by them. However, I know they will patch as soon as they can.

I just don’t understand why you would jump to law suits so fast? To be honest, they would more than likely never respond to you since you just threatened the company. I know that if you threatened my company all communication with you would cease immediately.

Maybe next time come at this from the perspective of a concerned user instead and wait for a response instead of how you are trying to handle this.

Being an IT security expert you might think that this vulnerability appears to be an issue with the standard in general. And that a generalized plan on how the issue should be fixed or change to the standard has not been agreed to.

Some seem to think that the fix may be centered on updates to the router firmware. Of course many users own routers that are no longer sold and thus no longer receive firmware updates. Oops.

My intention wasn’t to threaten Tablo, jut to let them be aware of the vulnerability. Then I went on to suggest a possible solution to create a strong incentive to those companies who don’t supply a patch, and who are capable of doing so, to fix their product if they haven’t done so in a reasonable amount of time. With all of the IoT devices, it’s just going to get worse and if people don’t demand secure products, then they don’t deserve, and won’t get secure products. Assuming that there is a security expert at Tablo, I didn’t expect a response from them anyway.

I don’t think your statements would cause any incentive if the problem is based in a flaw to the standard. If your code matched the existing standard any movement to a new standard is strictly business decision.

Isn’t this a drive by attack:

“cyber criminals must be within physical range of any WPA2 protected wireless router.”

“Hijack unencrypted web sessions (sessions not using HTTPS). Encrypted
traffic, such as banking website sessions remain protected.”

And this wouldn’t be the first drive by hack of WiFi. Didn’t some routers also use SOAP for administration API’s. Were there issues there that left the total router at risk?

Since I live in a gated community I’ll wait for the hysteria to die down and vendors decide what they are doing.

1 Like