ESET Smart Home Research Team uncovers Echo, Kindle versions vulnerable to 2017 Wi-Fi vulnerabilities
In recent years, hundreds of millions of homes have become “smarter” and internet-enabled using one of the popular home assistant devices. Despite the efforts of some vendors to develop these devices with security in mind, ESET Smart Home Research Team discovered that even the popular Amazon Echo – the original hardware of Amazon Alexa – was open to Key Reinstallation Attack (KRACK) vulnerabilities. This was also the case for at least one generation of the widely used Amazon Kindle e-readers.
All identified flaws were reported to – and subsequently patched by – Amazon’s security team.
In 2017, two Belgian researchers, Mathy Vanhoef and Frank Piessens, made a surprising announcement. They had found serious weaknesses in the WPA2 standard, a protocol that at that time was securing virtually all modern Wi-Fi networks. As described in their paper, KRACK attacks were mostly aimed against the four-way handshake – a mechanism used for two purposes: confirming that both the client and access point possess the correct credentials, and negotiation of the key used for encryption of the traffic.
Vanhoef’s team found that an adversary could trick a victim device into reinitializing the pair-wise key used in the current session (this is not the Wi-Fi password) by crafting and replaying cryptographic handshake messages. By exploiting this flaw, an attacker is able to gradually reconstruct the encryption XOR stream and then sniff the victim’s network traffic.
Even two years later, many Wi-Fi enabled devices are still vulnerable to KRACK attacks. As demonstrated by the ESET Smart Home Research Team, this included multiple Am ..
Support the originator by clicking the read the rest link below.
