Una vulnerabilità permette ai pirati informatici di intercettare tutti i dati che viaggiano sulle connessioni senza fili.
Tutti i dispositivi sono vulnerabili
Vulnerabilità critiche
KRACK
Dettagli
Grave vulnerabilità WiFi mette a rischio anche il 41% degli smartphone Android
https://www.krackattacks.com/ Tutti i dettagli dagli scopritori delle vulnerabilità
CVE-2017-13077: Reinstallation of the pairwise encryption key (PTK-TK) in the 4-way handshake.
CVE-2017-13078: Reinstallation of the group key (GTK) in the 4-way handshake.
CVE-2017-13079: Reinstallation of the integrity group key (IGTK) in the 4-way handshake.
CVE-2017-13080: Reinstallation of the group key (GTK) in the group key handshake.
CVE-2017-13081: Reinstallation of the integrity group key (IGTK) in the group key handshake.
CVE-2017-13082: Accepting a retransmitted Fast BSS Transition (FT) Reassociation Request and reinstalling the pairwise encryption key (PTK-TK) while processing it.
CVE-2017-13084: Reinstallation of the STK key in the PeerKey handshake.
CVE-2017-13086: reinstallation of the Tunneled Direct-Link Setup (TDLS) PeerKey (TPK) key in the TDLS handshake.
CVE-2017-13087: reinstallation of the group key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame.
CVE-2017-13088: reinstallation of the integrity group key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame.
Video dimostrativo
Vendor Information CERT
https://www.kb.cert.org/vuls/id/228519/
Update del 16/10/17 ore 22:20
Le Patch per Windows sono state rilasciate con il bollettino di sicurezza del 10 Ottobre tramite Windows update
Rilasciata anche per i prodotti Cisco
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa
Rilasciata anche per Ubuntu
https://usn.ubuntu.com/usn/usn-3455-1/
Rilasciata anche per prodotti Fortinet
http://docs.fortinet.com/uploaded/files/3961/fortiap-v5.6.1-release-notes.pdf
Rilasciata anche per prodotti Intel
https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00101&languageid=en-fr
Rilasciata anche per i prodotti Zyxel
http://www.zyxel.com/support/announcement_wpa2_key_management.shtml
Update del 17/10/17
Caso KRACK: quali sono i rischi e come proteggersi
Tutti i dispositivi sono vulnerabili
Vulnerabilità critiche
KRACK
Dettagli
Grave vulnerabilità WiFi mette a rischio anche il 41% degli smartphone Android
https://www.krackattacks.com/ Tutti i dettagli dagli scopritori delle vulnerabilità
CVE-2017-13077: Reinstallation of the pairwise encryption key (PTK-TK) in the 4-way handshake.
CVE-2017-13078: Reinstallation of the group key (GTK) in the 4-way handshake.
CVE-2017-13079: Reinstallation of the integrity group key (IGTK) in the 4-way handshake.
CVE-2017-13080: Reinstallation of the group key (GTK) in the group key handshake.
CVE-2017-13081: Reinstallation of the integrity group key (IGTK) in the group key handshake.
CVE-2017-13082: Accepting a retransmitted Fast BSS Transition (FT) Reassociation Request and reinstalling the pairwise encryption key (PTK-TK) while processing it.
CVE-2017-13084: Reinstallation of the STK key in the PeerKey handshake.
CVE-2017-13086: reinstallation of the Tunneled Direct-Link Setup (TDLS) PeerKey (TPK) key in the TDLS handshake.
CVE-2017-13087: reinstallation of the group key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame.
CVE-2017-13088: reinstallation of the integrity group key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame.
Video dimostrativo
Vendor Information CERT
https://www.kb.cert.org/vuls/id/228519/
Update del 16/10/17 ore 22:20
Le Patch per Windows sono state rilasciate con il bollettino di sicurezza del 10 Ottobre tramite Windows update
Rilasciata anche per i prodotti Cisco
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa
Rilasciata anche per Ubuntu
https://usn.ubuntu.com/usn/usn-3455-1/
Rilasciata anche per prodotti Fortinet
http://docs.fortinet.com/uploaded/files/3961/fortiap-v5.6.1-release-notes.pdf
Rilasciata anche per prodotti Intel
https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00101&languageid=en-fr
Rilasciata anche per i prodotti Zyxel
http://www.zyxel.com/support/announcement_wpa2_key_management.shtml
Update del 17/10/17
Caso KRACK: quali sono i rischi e come proteggersi