Comment on Wi-Fi 7 quietly took off while everyone was looking at AI

• sighofannoyance@lemmy.world ⁨10⁩ ⁨months⁩ ago

  no both options are fundamentally insecure. the current standard 2 and the version 3 of wpa

  source

  • Smokeless7048@lemmy.world ⁨10⁩ ⁨months⁩ ago

    ahh, i see what you are saying.

    source

    • sighofannoyance@lemmy.world ⁨10⁩ ⁨months⁩ ago

      web.archive.org/web/…/WPA2-Hole196

      "the group temporal key (GTK) that is shared among all authorized clients in a WPA2 network. In the standard behavior, only an AP is supposed to transmit group-addressed data traffic encrypted using the GTK and clients are supposed to decrypt that traffic using the GTK. However, nothing in the standard stops a malicious authorized client from injecting spoofed GTK-encrypted packets! Exploiting the vulnerability, an insider (authorized user) can sniff and decrypt data from other authorized users as well as scan their Wi-Fi devices for vulnerabilities, install malware and possibly compromise those devices.

      In short, this vulnerability means that inter-user data privacy among authorized users is inherently absent over the air in a WPA2-secured network. "

      source

      • sighofannoyance@lemmy.world ⁨10⁩ ⁨months⁩ ago

        en.wikipedia.org/wiki/KRACK " The KRACK attack

        believed to affect all variants of WPA and WPA2; however, the security implications vary between implementations, depending upon how individual developers interpreted a poorly specified part of the standard. Software patches can resolve the vulnerability but are not available for all devices.[57] KRACK exploits a weakness in the WPA2 4-Way Handshake, a critical process for generating encryption keys. Attackers can force multiple handshakes, manipulating key resets. By intercepting the handshake, they could decrypt network traffic without cracking encryption directly. This poses a risk, especially with sensitive data transmission.[58]"

        source

        • -> View More Comments