This patch would come in the form of a new wpa_supplicant, which is a small program that controls the wireless protocols on the device. On January 8th, 2019, Amazon stated that they could replicate the bugs and had prepared patches that would be pushed out to affected devices in the coming weeks. Security update released for affected Amazon devicesĮSET responsibly disclosed these bugs to Amazon on October 23rd, 2018 and was told that Amazon would look into the issues. The researchers also discovered that the Amazon Home Assistant was affected by an unrelated vulnerability that could allow an attacker to steal packets or perform a DoS attack.
intercept sensitive information such as passwords or session cookies.depending on the network configuration: forge data packets, cause the device to dismiss packets or even inject new packets.decrypt any data or information transmited by the victim.replay old packets to execute a DoS attack, disrupt network communication or replay attack."Using Vanhoef’s scripts, we were able to replicate the reinstallation of the pairwise encryption key (PTK-TK) in the four-way handshake (CVE-2017-13077) and reinstallation of the group key (GTK) in the four-way handshake (CVE-2017-13078)." "The Echo 1st generation and Amazon Kindle 8th generation devices were found to be vulnerable to two KRACK vulnerabilities", ESET researchers stated in their report. When performing tests against the older Echo and Kindle devices, ESET discovered that the devices were vulnerable to the KRACK four-way handshake CVE-2017-13077 and CVE-2017-13078 vulnerabilities. In a report by the ESET Smart Home Research Team, the researchers have discovered that Amazon Echo 1st generation and Amazon Kindle 8th generation devices were still affected by the KRACK vulnerability. In order to fix these vulnerabilities, hardware manufacturers needed to release new firmware for the affected devices. While the WPA2 wireless connection of this network has been compromised by this attack, it is important to note that any encrypted traffic sent over the wireless network will still be protected from snooping. Using this attack, bad actors can decrypt packets sent by clients in order to steal sensitive information that is sent over plain text. KRACK, or Key Reinstallation Att ack, is a vulnerability in the 4-way handshake of the WPA2 protocol that was disclosed in October 2017 by security researchers Mathy Vanhoef and Frank Piessens. Millions of Amazon Echo 1st generation and Amazon Kindle 8th generation are susceptible to an old WiFi vulnerability called KRACK that allows an attacker to perform a man in the middle attack against a WPA2 protected network.
0 kommentar(er)
