After watching the fabulous video, here's what I think I learned... (There's the mention that other OSes have "other attack vectors", but if this is the worst, well, it's a lot more trouble than starting FireSheep...)

https://www.youtube.com/watch?v=Oh4WURZoR98&t=56s
YouTube Mathy Vanhoef
KRACK Attacks: Bypassing WPA2 against Android and Linux

  • Clones network on different channel
  • then it only works on "improperly configured websites", like uk.match.com (edited)

https://www.youtube.com/watch?v=Oh4WURZoR98&t=1m11s
YouTube Mathy Vanhoef
KRACK Attacks: Bypassing WPA2 against Android and Linux

Quote:

"we make sure the victim can access the internet through our malicious network"

  • Course I'm assuming this youtube dude knows what he's talking about
  • Might be paper author?
  • here's the real trouble:

https://www.youtube.com/watch?v=Oh4WURZoR98&t=1m52s
YouTube Mathy Vanhoef
KRACK Attacks: Bypassing WPA2 against Android and Linux

Quote:

Hacking app has to start "sending special wifi frames that can command android to connect to a different channel", which is the OS specific side of the vulnerability for Linux and Android.

  • ^ And there's your issue. :wink: So not super simple, but not a copper wire tap either

And even then, you'll lose the https badge in your browser when you're on those "improperly configured sites". Not good, but not a wide-open Heartbleed either, if I understand it correctly.

Labels: , , ,