• Skip to main content
  • Skip to primary sidebar
  • Skip to footer
  • Home
  • About Darknet
  • Hacking Tools
  • Popular Posts
  • Darknet Archives
  • Contact Darknet
    • Advertise
    • Submit a Tool
Darknet – Hacking Tools, Hacker News & Cyber Security

Darknet - Hacking Tools, Hacker News & Cyber Security

Darknet is your best source for the latest hacking tools, hacker news, cyber security best practices, ethical hacking & pen-testing.

What You Need To Know About KRACK WPA2 Wi-Fi Attack

October 20, 2017

Views: 7,662

The Internet has been blowing up in the past week about the KRACK WPA2 attack that is extremely widespread and is a flaw in the Wi-Fi standard itself, not the implementation. It’s a flaw in the 4 way handshake for WP2 compromised by a Key Reinstallation Attack.

What You Need To Know About KRACK WPA2 Wi-Fi Attack

This means any device that has correctly implemented WPA2 is likely affected (so basically everything that has Wi-Fi capability) – this includes Android, Linux, Apple, Windows, OpenBSD and more.

Android 6 is especially vulnerable to this, and be aware the flaw is on both sides (client and access point) and both need to be patched.

An attacker within range of a victim can exploit these weaknesses using key reinstallation attacks (KRACKs). Concretely, attackers can use this novel attack technique to read information that was previously assumed to be safely encrypted. This can be abused to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos, and so on. The attack works against all modern protected Wi-Fi networks. Depending on the network configuration, it is also possible to inject and manipulate data. For example, an attacker might be able to inject ransomware or other malware into websites.

The weaknesses are in the Wi-Fi standard itself, and not in individual products or implementations. Therefore, any correct implementation of WPA2 is likely affected. To prevent the attack, users must update affected products as soon as security updates become available. Note that if your device supports Wi-Fi, it is most likely affected.

From – https://www.krackattacks.com/

If you’re using a router that supports an alternative OS like DD-WRT, LEDE/OpenWRT or something open like MikroTik – they already have patches available.

We are using Ubiquiti gear and they came out with the patches super fast, we do have some Ruckus gear and they have an interesting post about it if you’re using the Mesh type network you’re pretty safe.

Which is good news since the last time we wrote about them, it wasn’t great – Ubiquiti Wi-Fi Gear Hackable Via 1997 PHP Version.

There’s a great list of what has been patched against KRACK WPA2 attack and what hasn’t here (regularly updated):

– WiFi is broken – here’s the companies that have already fixed it

It kinda feels like the time when we all ran to abandon WEP for WPA2, but it’s not that straightforward and also it can be patched in a backwards compatible manner – which is fortunate.

The unfortunate part is all the devices that are NOT going to get patched (especially IoT devices, security cams, embedded systems etc).

The challenges also go beyond the mere availability of a patch. Take Netgear. To its credit, the company made fixes available for a dozen of its router models the day that Krack went public. But it makes over 1200 products, each of which needs to be tested for specific Krack impact. In many cases, Netgear also can’t make those fixes alone; it needs its chipset partners to tackle the issue as well.

And when those patches do become available, the company has limited ways to inform customers they need to update as soon as possible. It sends emails to those who register their products, and sends out an advisory, and posts in community forums. The remainder of Netgear customers—the bulk of them—will have to read a news report like this one, and hunt down the right download link to install the fix. And even if they do that, the actual patching process requires logging into Netgear’s access point web-management interface from your computer, which may rightly baffle a number of router owners.
“I wouldn’t claim that anyone can just do it,” says Netgear CIO Tejas Shah. “We recognize the need to educate the customer and help the customer when they’re faced with this problem.”

Those issues aren’t unique to Netgear, which, again, gets a star for making patches immediately available. But they do underscore just how ill-prepared wireless devices are for this kind of industry-wide calamity.

And that’s just routers, which people by and large are at least aware connect to the internet. IoT devices are a whole extra level of opaque.

Source: Wired

For the average user, they aren’t going to know what WPA2 is and that their fridge is using it to communicate to the Internet for patches and that’s it’s now vulnerable to the KRACK WPA2 Wi-Fi Attack.

And using SSL does help, but it doesn’t really stop KRACK being a serious issue.

For the moment it seems the code needed to execute the attack isn’t in the wild, and probably won’t be. But honestly, it won’t take long for the bad guys to get hold of the patches that fix the issue, reverse engineer them and figure out how to code an exploit around the flaw.

Patch your devices as soon as the fix comes out, and try and educate those around you as best you can. I’m not sure if this will turn into something serious or not yet, as it’s a pretty technical attack.

It’s also a very scary attack as the malicious actor doesn’t even need to join the network, they just need to be in signal range.

We will have to wait and see if this blows up, or just blows over like most things.

Share
Tweet87
Share49
Buffer44
WhatsApp
Email
180 Shares

Filed Under: Hacking News Tagged With: krack, wpa2



Reader Interactions

Comments

  1. Emma Parker says

    October 20, 2017 at 8:50 pm

    I came across an article about the patches for KRACK they have mentioned many companies who haven’t published their patches for device protection. So they’ve recommended using a VPN. Is VPN is the ultimate solution?

    And If I buy one, so I shouldn’t worry about any vulnerability?

    • Darknet says

      October 21, 2017 at 1:11 am

      It’s not really the ultimate solution, it helps a single computer, but not the situation (like all the IoT devices in your house that aren’t patched). So yes and no.

  2. FIBER0PTIC says

    November 15, 2017 at 8:44 pm

    https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa

    I missed Linksys on the list then remember Cisco.

    Time to get the c64 back out.

    Another good article, and in reading some of your older posts about Darknet and retarded emails/why you get them… its your main logo, the font just fits the theme perfect.

    Take care.

Primary Sidebar

Search Darknet

  • Email
  • Facebook
  • LinkedIn
  • RSS
  • Twitter

Advertise on Darknet

Latest Posts

SUDO_KILLER - Auditing Sudo Configurations for Privilege Escalation Paths

SUDO_KILLER – Auditing Sudo Configurations for Privilege Escalation Paths

Views: 312

sudo is a powerful utility in Unix-like systems that allows permitted users to execute commands with … ...More about SUDO_KILLER – Auditing Sudo Configurations for Privilege Escalation Paths

Bantam - Advanced PHP Backdoor Management Tool For Post Exploitation

Bantam – Advanced PHP Backdoor Management Tool For Post Exploitation

Views: 337

Bantam is a lightweight post-exploitation utility written in C# that includes advanced payload … ...More about Bantam – Advanced PHP Backdoor Management Tool For Post Exploitation

AI-Powered Cybercrime in 2025 - The Dark Web’s New Arms Race

AI-Powered Cybercrime in 2025 – The Dark Web’s New Arms Race

Views: 532

In 2025, the dark web isn't just a marketplace for illicit goods—it's a development lab. … ...More about AI-Powered Cybercrime in 2025 – The Dark Web’s New Arms Race

Upload_Bypass - Bypass Upload Restrictions During Penetration Testing

Upload_Bypass – Bypass Upload Restrictions During Penetration Testing

Views: 522

Upload_Bypass is a command-line tool that automates discovering and exploiting weak file upload … ...More about Upload_Bypass – Bypass Upload Restrictions During Penetration Testing

Shell3r - Powerful Shellcode Obfuscator for Offensive Security

Shell3r – Powerful Shellcode Obfuscator for Offensive Security

Views: 707

If antivirus and EDR vendors are getting smarter, so are the tools that red teamers and penetration … ...More about Shell3r – Powerful Shellcode Obfuscator for Offensive Security

Understanding the Deep Web, Dark Web, and Darknet (2025 Guide)

Understanding the Deep Web, Dark Web, and Darknet (2025 Guide)

Views: 8,981

Introduction: How Much of the Internet Can You See? You're only scratching the surface when you … ...More about Understanding the Deep Web, Dark Web, and Darknet (2025 Guide)

Topics

  • Advertorial (28)
  • Apple (46)
  • Countermeasures (227)
  • Cryptography (82)
  • Database Hacking (89)
  • Events/Cons (7)
  • Exploits/Vulnerabilities (431)
  • Forensics (65)
  • GenAI (3)
  • Hacker Culture (8)
  • Hacking News (229)
  • Hacking Tools (684)
  • Hardware Hacking (82)
  • Legal Issues (179)
  • Linux Hacking (74)
  • Malware (238)
  • Networking Hacking Tools (352)
  • Password Cracking Tools (104)
  • Phishing (41)
  • Privacy (219)
  • Secure Coding (118)
  • Security Software (233)
  • Site News (51)
    • Authors (6)
  • Social Engineering (37)
  • Spammers & Scammers (76)
  • Stupid E-mails (6)
  • Telecomms Hacking (6)
  • UNIX Hacking (6)
  • Virology (6)
  • Web Hacking (384)
  • Windows Hacking (169)
  • Wireless Hacking (45)

Security Blogs

  • Dancho Danchev
  • F-Secure Weblog
  • Google Online Security
  • Graham Cluley
  • Internet Storm Center
  • Krebs on Security
  • Schneier on Security
  • TaoSecurity
  • Troy Hunt

Security Links

  • Exploits Database
  • Linux Security
  • Register – Security
  • SANS
  • Sec Lists
  • US CERT

Footer

Most Viewed Posts

  • Brutus Password Cracker – Download brutus-aet2.zip AET2 (2,292,528)
  • Darknet – Hacking Tools, Hacker News & Cyber Security (2,173,075)
  • Top 15 Security Utilities & Download Hacking Tools (2,096,616)
  • 10 Best Security Live CD Distros (Pen-Test, Forensics & Recovery) (1,199,677)
  • Password List Download Best Word List – Most Common Passwords (933,468)
  • wwwhack 1.9 – wwwhack19.zip Web Hacking Software Free Download (776,137)
  • Hack Tools/Exploits (673,290)
  • Wep0ff – Wireless WEP Key Cracker Tool (530,148)

Search

Recent Posts

  • SUDO_KILLER – Auditing Sudo Configurations for Privilege Escalation Paths May 12, 2025
  • Bantam – Advanced PHP Backdoor Management Tool For Post Exploitation May 9, 2025
  • AI-Powered Cybercrime in 2025 – The Dark Web’s New Arms Race May 7, 2025
  • Upload_Bypass – Bypass Upload Restrictions During Penetration Testing May 5, 2025
  • Shell3r – Powerful Shellcode Obfuscator for Offensive Security May 2, 2025
  • Understanding the Deep Web, Dark Web, and Darknet (2025 Guide) April 30, 2025

Tags

apple botnets computer-security darknet Database Hacking ddos dos exploits fuzzing google hacking-networks hacking-websites hacking-windows hacking tool Information-Security information gathering Legal Issues malware microsoft network-security Network Hacking Password Cracking pen-testing penetration-testing Phishing Privacy Python scammers Security Security Software spam spammers sql-injection trojan trojans virus viruses vulnerabilities web-application-security web-security windows windows-security Windows Hacking worms XSS

Copyright © 1999–2025 Darknet All Rights Reserved · Privacy Policy