Unveiled publicly at the beginning of the week, the vulnerabilities in the protocol of encryption WPA2 does not affect a priori much the Internet boxes of the operators in France.
For an exploitation, an attacker must be in the vicinity of the Wi-Fi network targeted. The so-called KRACK (Key Reinstallation AttaCK) attacks are in the 4-Way Handshake authentication procedure in the WPA2 protocol.
"In this initialization phase, a malicious user intercepting communications between a client and a Wi-Fi hotspot may cause the client to reuse parameters that are involved in the encryption of the exchanged data. an attacker to cause a breach of the confidentiality or the integrity of the data ", writes the CERT-FR.
Related: Five tips for companies not to be hacked
In its alert bulletin, the CERT-FR also adds "the ability to replay network packets, inject content to a Wi-Fi-connected client, and access confidential communications." the site Krackattacks.com.
For operating systems, the main concerns are on the side of Android, knowing that not all devices will necessarily benefit from future fixes. These patches were previously deployed for Windows and quickly surfaced for Linux distributions. They are ready and will soon arrive for Apple's operating systems.
There is also, for example, a whole slew of routers and other devices whose firmware will have to be updated. Difficult to draw up a list. It is necessary to inquire about the sites of the manufacturers according to their own situation. As usual ... it will be very complicated to cover connected objects. KRACK faults are likely to last a long time.
French Internet boxes rather spared
Regarding Internet boxes in France, Maxime Bizon, software team leader for the Freebox, quickly reported that the Freebox Revolution, mini 4K and Crystal are not affected because they "do not activate the FT standard (or 802.11r) "fast transition from basic services set. To switch from one access point to another. "As for our customers (Crystal, Mini 4K), they use a VPN over Wi-Fi, so not much to decipher."
At AFP (Point), Orange said that its boxes are not affected by the vulnerabilities. "Our teams were fully mobilized to investigate the potential vulnerability, Orange confirms that none of its boxes is concerned by the latter."
On the side of SFR and Bouygues Telecom, the situation is not yet completely clear at the moment. "At SFR and Bouygues Telecom, we are working with box builders to ensure that none are affected by the vulnerability," AFP writes.
For security vendors, in addition to checking with the manufacturer of the device using Wi-Fi networks if a fix is available, a consensus emerges that VPN is used to be serene, at the certainty of a secure and encrypted connection.
On the other hand, not to do ... to return to the protocol WEP whose weaknesses have been proven for a long time.
💌 Follow by Email:Digital Channel
🌍🔍 Search Google :digitalchanneltv.tk
Click Index You Might Be Interested
suivre Dhaouadi Aymensur
