Preps and Solutions
(Sponsored Ads)
Silver
Strategic Relocation
Recently Posted Articles and Videos
Ready Nutrition - Homesteading and Preparedness
Ready Gardens - A Ready Nutrition Company
The Daily Sheeple
The Prepper Website
SGT Report
SGT Report
top Prepper Web Sites
Featured Destinations
The Liberty Mill
Web Destinations

Clarocet for Kids
Silver

Massive WiFi Flaw Affects All Connected Devices: ‘You Have To Wonder If It Was Corrupted On Purpose’

Mac Slavo
October 16th, 2017
SHTFplan.com
Comments (38)
Read by 7,124 people

wifi

The security protocol used to protect the vast majority of WiFi connections has been broken.  This will expose wireless internet traffic to malicious attack, according to the researcher who discovered this weakness.

It doesn’t bode well that the mainstream media is also ignoring this problem completely because it’s a very big deal. Anytime the mainstream media brushes something off, most start asking questions.  Unfortunately, none of the answers we have so far to those questions are of comfort.

Considering every single cellphone now has WiFi in it and this major “weakness” could affect almost everyone. According to ARS Technica, researchers have disclosed a serious weakness in the WPA2 protocol that allows attackers within range of vulnerable device or access point to intercept passwords, e-mails, and other data presumed to be encrypted, and in some cases, to inject ransomware or other malicious content into a website a client is visiting.

The proof-of-concept exploit is called KRACK, short for Key Reinstallation Attacks. The research has been a closely guarded secret for weeks ahead of a coordinated disclosure that was scheduled for 8am Monday, East Coast time. A website disclosing the vulnerability said it affects the core WPA2 protocol itself and is effective against devices running the Android, Linux, macOS, Windows, and OpenBSD operating systems, as well as MediaTek Linksys, and other types of devices. The site warned attackers can exploit it to decrypt a wealth of sensitive data that’s normally encrypted by the nearly ubiquitous Wi-Fi encryption protocol. –ARS Technica

“This can be abused to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos, and so on,” researcher Mathy Vanhoef, of the Katholieke Universiteit Leuven in Belgium wrote. “The attack works against all modern protected Wi-Fi networks. Depending on the network configuration, it is also possible to inject and manipulate data. For example, an attacker might be able to inject ransomware or other malware into websites.”

Krack Attacks, the website, went on to warn that visiting only HTTPS-protected Web pages wasn’t automatically a remedy against the attack either.  Since many improperly configured sites can be forced into dropping encrypted HTTPS traffic and instead of transmitting unencrypted HTTP data, this is not a safer option. An attacker can use a script known as SSLstrip to force a site like match.com (dating website) to downgrade a connection to HTTP. The attacker is then able to steal an account when the Android device logs in.

The video below shows how this weakness can be exploited on an Android device.

“Although websites or apps may use HTTPS as an additional layer of protection, we warn that this extra protection can (still) be bypassed in a worrying number of situations,” the researchers explained. “For example, HTTPS was previously bypassed in non-browser software, in Apple’s iOS and OS X, in Android apps, in Android apps again, in banking apps, and even in VPN apps.”

The main concern is that cell phones which have this weakness won’t get upgraded with the “patch” or the fix for this until it’s discarded and new phone replaces it.  Virtually every cell phone out there has WiFi in it. Most are eventually orphaned by their manufacturers, receiving no future updates at all.  These devices, along with nearly all “consumer” WiFi access points in homes and small businesses will never be fixed and always open to attacks.  In addition to the unavailability of a cell phone patch, the majority of consumer and small-business WiFi access points will never be patched either and could remain vulnerable for years if not a decade or longer.

When something this disturbing is found one often wonders if the process was corrupted either negligently or on purpose. Especially considering this wasn’t found sooner.

Click here to subscribe: Join over one million monthly readers and receive breaking news, strategies, ideas and commentary.
Gas Masks, Filters, Body Suits, Anti Radiation Pills
Please Spread The Word And Share This Post

Author: Mac Slavo
Views: Read by 7,124 people
Date: October 16th, 2017
Website: www.SHTFplan.com

Copyright Information: Copyright SHTFplan and Mac Slavo. This content may be freely reproduced in full or in part in digital form with full attribution to the author and a link to www.shtfplan.com. Please contact us for permission to reproduce this content in other media formats.

38 Comments...

Vote: Click here to vote for SHTF Plan as a Top Prepper Web Site
  1. Archivist says:

    The fix is to use a cable to connect your computer to your router. I don’t use the wireless with my computer, just a big yellow cable.

    I also don’t use a cellphone. I have one for games, and I occasionally use it to look up something on the internet. I never use it for anything critical. If something happens to it, I can throw it away and buy another one real cheap at the Dollar General.

    • rellik says:

      I use the older WEP 128 bit for my home wi-fi and Wireless Distribution System( WDS) security. I run wi-fi all over my five acres. It can be a pain to set up, but it is pretty bullet proof. A government with a big enough computer can break it, but not many others can.
      I dislike WPA2 because it was too automatic. I’m old school, I want to know what is happening with my secure stuff.

      • Azrael says:

        Dude, WEP is horrible. I can own WEP encryption in less than ten minutes. WPA2 was the way to go until now. Archivist has it 100% correct. Use a cable, until Microsoft has the patch on a Windows system. I looked at the issue today and it looks easy enough to patch on some devices. Ironically Microsoft will be able to patch easier than others, because they didn’t implement it correctly. Other vendors will probably have a patch pretty soon. The big trouble is WiFi hand off, like in a Corporations, where you walk from access point to another. So wait for the patch and apply it to both your WiFi router/access point and your endpoints, phones, tablets and computers.

        • rellik says:

          You are correct.
          I assume you are using Backtrac.
          BUT you have to match my wi-fi hardware
          to make it work. I could be wrong, but
          that was my understanding.
          That was the basis for my assertion
          that government level ability is needed
          to crack the data.

          I have really old stuff.
          I don’t even think you could get it on Ebay.
          You also have to match my WDS frequencies.
          Yes, WEP is very “crackable”.
          Obviously, so is WPA2. I don’t think
          I’ll trust their patches.

          A hard wired system is the safest, but most people here
          aren’t going to run Fiber optic in order to get a 1/4 km
          distant AP.

          I run Linux, old hardware, and other things
          that aren’t exotic so no one pays attention
          to it for hacking purposes.

          • “..Obviously, so is WPA2…”

            NO its not. The protocol is secure. its the implementation thats flawed and what the patches will fix.

            But hey, keep on using older, outdated, and insecure protocols and OS’s and thinking that makes it better.
            Backtrack? lol… hasn’t been in development/production in 3 or 4 years. Besides, who the heck uses pen testing distros for their OS??

            Other than that, I agree. a wired connection is more secure than wireless from a drive-by standpoint

            • rellik says:

              I didn’t say WEP was better, only that, I was more comfortable with it. I have one WPA2 wi-fi extender. It sits in the box.
              I’m retired and cannot be ripping out my system to buy the latest and greatest every few years.
              I don’t run Windows as a rule.
              I certainly would never do anything requiring secure
              internet access on a Windows machine or
              my android cell phone using wi-fi.
              Yes, the WPA protocol is secure, But patches for all the wi-fi AP’s out there will take years if at all. WEP cracking usually requires identical hardware, unless I’m wrong.
              Which is my point. Yes you can crack it, but you need more information than just stuff radiated through the air.

              Yes I’m a little out of date and I’m not an IT guy.

        • Heartless says:

          You tried Kali? Using then Reaver?

          • droppinin. says:

            Ha – all the noobs and their ‘Kali’ (or before that backtrack).

            You are aware of course that all that distro is is a compilation of available programs that can be installed on any Linux system?

            kali uses friggen systemd as it’s init for crying out loud.. the same systemd that hijacks your system and obscures what’s really going on. Anyone with an iota of knowledge uses a real distro like Slackware (with its script based init) and installs the programs they require for pentesting themselves.

            (Proud linux user since ’97)

    • Genius says:

      See that van across the street? Go over and knock on the window…

    • john stiner says:

      occasionally use it to look up something on the internet.

      ……Porn?

    • CrackSummSkulls says:

      I’ve been warning you all on here for years to shut all your WiFi and GPS off on your cell phones and NEVER EVER do any banking on your cell phones. Cell phones are like a prisoners ankle Track GPS device. NEVER PUT ANYTHING ON YOUR PHONE YOU DON’T WANT ANYBODY TO SEE.

  2. Mario says:

    You are late on this one, info has been given by Canadien press yesterday!

  3. TEST says:

    Speaking of FBI, relative to Las Vegas and guns, LV wasn’t the largest mass shooting in US history. Rather, “Let’s start with the racist origins of gun control in the Jim Crow South. That’s right; ****the first gun control laws were meant to keep guns out of the hands of blacks, leaving them defenseless against the KKK.*** The worst massacres in American history weren’t Orlando and Las Vegas. As National Review’s Kevin Williamson recounts, “That happened in — depending on who is doing the counting — 1917 in East St. Louis (my notes: police chief estimated that 100 African-Americans had been killed. Renowned journalist Ida B. Wells reported in The Chicago Defender that 40–150 African-American people were killed during July in the rioting in East St. Louis. The NAACP estimated deaths at 100–200. A Congressional Investigating Committee concluded that no precise death toll could be determined, but reported that at least 8 whites and 39 African-Americans died), or in 1873 in Colfax, La., or in 1921 in Tulsa, Okla.(my notes: June 1, 1921, the Tulsa Tribune reported that 9 whites and 68 blacks had died in the riot, but shortly afterwards it changed this number to a total of 176 dead). or in 1919 in Arkansas. All of those were mob-violence episodes in which white terrorists, often working under the leadership of Democratic politicians, massacred African Americans, hundreds at a time.”

    To be sure, not all were shot, though probably most were. Some were hanged, some were burned alive. Unarmed and defenseless blacks. But I think we can be confident unarmed, defenseless blacks were shot in numbers far surpassing Las Vegas.
    Sources from Patriot Post, Oct. 17 2017

  4. Nomadic says:

    Did I not warn you about fucking with the Kurds?

  5. aljamo says:

    The phone I am using went daffy yesterday throwing up all kind of warnings of viruses and other problems. I tinkered with it and made it worse, not that computer or phone savvy. Finally I got sick of it and wiped everything out losing all that was stored. Problem almost solved, just a few things I can’t figure out. Probably not related to this article.

  6. the blame-e says:

    Skynet on Earth.

  7. Come-On-People says:

    To hell with all of it and HANG all of the sons of bitches doing all of this crooked nonsense!

  8. awed bawl says:

    Reminds me of the book The Mind Parasites by Colin Wilson. 8,000,000 negroes were thrown off of Earth. . .

    “A professor makes a horrifying discovery while excavating a sinister archeological site. For over 200 years, mind parasites have been lurking in the deepest layers of human consciousness, feeding on human life force and steadily gaining a foothold on the planet. Now they threaten humanity’s extinction. They can be fought with one weapon only: the mind, pushed to—and beyond—its limits. Pushed so far that humans can read each other’s thoughts, that the moon can be shifted from its orbit by thought alone. Pushed so that man can at last join battle with the loathsome parasites on equal terms.” [review found on Amazon]

    https://www.amazon.com/Mind-Parasites-Supernatural-Metaphysical-Thriller/dp/0974935999

  9. Anonymous says:

    No…there’s no hiding from the all-seeing eye.

    All electronic communication is collected and stored for future use for blackmail or arrest.

    Nothing to hide?

    Who do you think you are fooling? They know all about you and your dirty little secrets.

  10. Doesn’t much matter.

    John McAfee says your device is most likely infected with keystroke malware already. Encryption is no use with this malware because it captures keystrokes BEFORE encryption.

    He says if you have ever visited a porn site your equipment is infected with this program.

    Claims he used to send his guys to Star Bucks to capture everyone’s passwords on their free WiFi to find out the most common ones.

    Woulda made a good president.

  11. Traitor Hator says:

    In other words they can plant kiddie porn on your computer and put you away easy?

  12. JOHN CHUCKMAN says:

    You have to ask?

    I don’t think so.

    Every major American tech company is in bed with CIA, just as in the old days all the major newspapers were.

Leave a Reply

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

Commenting Policy:

Some comments on this web site are automatically moderated through our Spam protection systems. Please be patient if your comment isn't immediately available. We're not trying to censor you, the system just wants to make sure you're not a robot posting random spam.

This web site thrives because of its community. While we support lively debates and understand that people get excited, frustrated or angry at times, we ask that the conversation remain civil. Racism, to include any religious affiliation, will not be tolerated on this site, including the disparagement of people in the comments section.

 

Web Design and Content Copyright 2007 - 2015 SHTF Plan - When It Hits The Fan, Don't Say We Didn't Warn You - All Rights Reserved

Our Supercharged Intel Xeon E5-2620 v4 Octo-Core Dual Servers are Powered By Liquid Web

Dedicated IP Address: 69.167.174.108

The content on this site is provided as general information only. The ideas expressed on this site are solely the opinions of the author(s) and do not necessarily represent the opinions of sponsors or firms affiliated with the author(s). The author may or may not have a financial interest in any company or advertiser referenced. Any action taken as a result of information, analysis, or advertisement on this site is ultimately the responsibility of the reader.

SHTFplan is a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for sites to earn advertising fees by advertising and linking to Amazon.com.