KP on 16 Oct 2017 06:13:37 -0700

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] Wpa2 oops


I'm still digging through the early talk on this but the short answer is yes and an attack tool is up on git.

Here's another link...

On October 16, 2017 8:37:04 AM EDT, Rich Freeman <> wrote:
On Mon, Oct 16, 2017 at 12:44 AM, Paul Walker <> wrote:

That obviously it goes a long way, though it is limited to https via a
browser with a plugin, which isn't the only traffic your device is
going to send over WiFi.

If you connect to a coffee shop AP somebody might play with your DHCP
handshake so that you end up being directed to a hostile DNS server.
I don't think DNS itself is authenticated in typical use, so they
could probably also tamper with that even if they don't send you to
their server.

The one question I have about this is whether somebody can use this
attack to connect to an AP. That is actually my biggest concern -
somebody connecting to my home WiFi and now they're free to attack
random hosts (some more secure than others), and also to send
heaven-knows-what to the internet at large with my door being the one
the FBI kicks down at 2AM.

It also sounds like this is a problem with the protocol itself - just
patching my routers/etc isn't going to help me, as I'd basically need
a "WPA3" that is incompatible with everything I already own.

Sent from my Android device with K-9 Mail.
Philadelphia Linux Users Group         --
Announcements -
General Discussion  --