Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Major Wi-Fi Vulnerabilities Uncovered Put Millions of Devices at Risk, Including Macs and iPhones

Wow..after this I'm sure my T-Mobile wifi hotspot has been vulnerable for ages. Hopefully my Cox Panorama 360 wifi router is secured. Easiest way for security is to use the private browsing feature within the secure folder protected by Knox in public for the time being on Samsung devices.
 
Last edited:
jeff123816 said:
I wonder how many people on iOS 11 are going to drop into Control Center to switch off their WiFi while out and about this week not knowing about Apple's little trick re: off doesn't mean off.
Click to expand...

It may not turn off the radio, but it'll still mitigate the problem. Your phone isn't going to connect to any wireless networks (even if it's still listening for their beacons) so there's no handshake.
[doublepost=1508240816][/doublepost]
koruki said:
lol which bank doesn't have https? btw https doesn't prevent it.
Click to expand...

It may not prevent the problem, but it'll keep someone from being able to get at your banking info if HTTPS is implemented correctly. HTTPS is a second layer of encryption that's independent of WPA, so even if they compromise the outer layer via KRACK they'll just get TLS encrypted packets that they still can't understand or manipulate.
 
bearda said:
It may not turn off the radio, but it'll still mitigate the problem. Your phone isn't going to connect to any wireless networks (even if it's still listening for their beacons) so there's no handshake..
Click to expand...

Also radios would stay on, isn't that *the problem*? the radios are on,, hence, its listening ...

You don't have to connect to Wi-Fi,,,, it will pick up any SSID's around you within the range, so if it can see it, u can attack it. in this case.

I went out into my driveway to see .. when iPhone is connected to Wi-fi network.. The moment I got outsid ei lost signal...

Probably not a good way to test. but sounds reliable enough.. and convinces me this won't be a issue for me.
 
Tech198 said:
Also radios would stay on, isn't that *the problem*? the radios are on,, hence, its listening ...
Click to expand...

Listening isn't the problem, talking is. Most access points send unsolicited beacons all the time. That's what allows your phone to tell that the network is there. The problem is that when your phone tries to start actively talking to the access point someone else can jump in and compromise that connection. If you're just listening to the access point (radio on, but wifi off in control center) there's no connection to intercept. No problem.
 
I cannot find any sort of statement from Apple on VU#228519. Is Apple hardware/software affected by this vulnerability or not?

The latest AirPort firmware I am seeing is 7.7.8 from Dec, 2016. Other vendors are releasing updates to patch the problem.

Nothing recent for macOS either.

I guess this means no more wifi for my iOS 9 devices.
 
bearda said:
It may not turn off the radio, but it'll still mitigate the problem. Your phone isn't going to connect to any wireless networks (even if it's still listening for their beacons) so there's no handshake.
[doublepost=1508240816][/doublepost]

It may not prevent the problem, but it'll keep someone from being able to get at your banking info if HTTPS is implemented correctly. HTTPS is a second layer of encryption that's independent of WPA, so even if they compromise the outer layer via KRACK they'll just get TLS encrypted packets that they still can't understand or manipulate.
Click to expand...

"HTTPS was previously bypassed in non-browser software, in Apple's iOS and OS X, in Android apps, in Android apps again, in banking apps, and even in VPN apps."

https://www.krackattacks.com/
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back