分享互联网干货
当前位置: VPS测评 > #安全#报道称用于保护无线路由器和联网设备的WPA2加密协议已被攻破

#安全#报道称用于保护无线路由器和联网设备的WPA2加密协议已被攻破

2017-10-17 分类:VPS测评 作者:阿Q 阅读(56)

根据各大安全网站的消息,用于保护无线路由器和联网设备不被入侵的 WPA2 安全加密协议,似乎被破解了。此举影响包括解密、数据包重播、TCP连接劫持、HTTP内容注入等。换句话来说,只要你的设备连上了WiFi,那都有可能被攻击,这意味着在家或办公室的 Wi-Fi 物理覆盖范围内,黑客可以监听你的网络活动、拦截不安全或未加密的数据流 —— 比如未启用安全超文本传输协议网站的密码、或者家用安防摄像头与云端之间的视频流。

据通用漏洞披露(CVE)所述,该概念验证攻击被称作“KRACK”(Key Reinstallation Attacks),可译做“密钥重装攻击”,预计会在美国东部时间(EST)10月16日上午 8 点公布,更多信息可登陆 krackattacks.com 网站查看更多内容。

其实,这个漏洞早在今年8月,就已经在拉斯维加斯的Black Hat Conference上被提出。

这是研究人员所列出的漏洞索引:cve-2017-13077,cve-2017-13078,cve-2017-13079,cve-2017-13080,cve-2017-13081,cve-2017-13082,cve-2017-13084,cve-2017-13086,cve-2017-13087,cve-2017-13088。一位研究人员表示,目前大公司和政府机构已经有可用的补丁,更新后可大大减少漏洞带来的伤害。

鉴于 WPA2 加密协议已经服役13年了,对于业内人来说,出现这样的情况并不算太意外。

但对于广大普通 Wi-Fi 用户来说,这意味着即使你不会很快被入侵,也需要时刻关注路由器制造商发布的安全更新,以免自己被黑客攻击,在浏览网站或使用各项服务的时候,要多留意该网站是否启用了安全超文本传输协议(HTTPS),不然从你手机或电脑中发出的信息都有可能被攻击者给窃取。

如果你家中有许多智能家居设备,也请多关注制造商公布的安全公告,并及时调整配置或打上补丁。

原消息来自:https://thenextweb.com/security/2017/10/16/all-your-wi-fi-are-now-belong-to-hackers-probably/,选编自CNBETA和雷锋网。

原文:

Sorry to start off your week with some bad news: the WPA2 encryption protocol that protects your Wi-Fi router and connected devices from intrusions is rumored to have been cracked.

That means that a hacker who is within physical range of your home or office network could crack your Wi-Fi password, listen in on your internet activity and intercept unsecured or unencrypted data streams (such as a password entered on a non-HTTPS site, or video from your crappy home security camera to the cloud).

That’s to be expected, seeing as how WPA2 is about 13 years old now. The proof-of-concept of this attack is called KRACK (Key Reinstallation Attacks). The CVE outlining the security flaw is expected to be published at 8AM EST / 5AM PST / 2PM CEST / 5:30PM IST on Monday; the site krackattacks.com which carries more information from security expert Mathy Vanhoef of imec-DistriNet, KU Leuven is now live, so you can learn more about the methodology there.

What does that mean for you? While you may not be hacked immediately, your Wi-Fi network is vulnerable until your router manufacturer issues a security update. You should also be okay browsing most HTTPS sites, but anything that’s sent from your phone or computers in plaintext could be scooped up by eavesdroppers. If possible, use a VPN to further obscure your internet activity.

In addition, you’ll want to look for security patches for all the smart home gadgets in your house; depending on how they’re configured, they could be hacked to leak data, and allow hackers to copy or change passwords on your locks and alarm systems.

This could get ugly. We’ll update this post when we know more.

「三年博客,如果觉得我的文章对您有用,请帮助本站成长」

赞(0) 打赏

支付宝
微信
0

支付宝
微信

上一篇:

下一篇:

你可能感兴趣

共有 0 - #安全#报道称用于保护无线路由器和联网设备的WPA2加密协议已被攻破

博客简介

阿Q博客: qblog.org,致力于搜罗各类互联网干货,包括但不限于VPS、域名、虚拟主机、软件、互联网服务等优惠信息。

精彩评论