> The adversary has a limited ability to monitor short-range communication channels (Bluetooth, WiFi, etc).
That seems like a pretty big assumption. From what I understand, there are already deployments of wifi hot spots to track people (both for advertising purposes and for spying purposes), to the extent that phone providers started randomizing MAC addresses.
> The discovered vulnerabilities affect all modern security protocols of Wi-Fi, including the latest WPA3 specification. Even the original security protocol of Wi-Fi, called WEP, is affected.
> Your data can be eavesdropped or modified by someone in the middle. This would be quite rare within a LAN.
Literally every single public wifi network, which is a significant percentage of all internet traffic (including basically everyone working from a WeWork, for example), is vulnerable to eavesdropping/mitm.
> This exploits a design flaw in hotspot-like networks and allows the attacker to force an access point to encrypt yet-to-be-queued frames using an adversary-chosen key, thereby bypassing Wi-Fi encryption entirely. Our attacks have a widespread impact as they affect various devices and operating systems (Linux, FreeBSD, iOS, and Android) and because they can be used to hijack TCP connections or intercept client and web traffic.
Interesting approach, but that seems to be limited to hotspots, or am I getting this wrong?
Various vulnerabilities in your wifi driver. Some of these may only require you to be in range; others may be exploitable only if associated with the network.
Wi-Fi makes that pretty damn hard to verify. In theory, malicious firmware could even opportunistically link up with other malicious firmware acting as a bridge via some undocumented protocol that would only be detectable by looking at the raw spectrum.
> unless of course there is leakage of that radiation affecting someone else outside of your private property.
There always is. Radio waves don't respect walls (unless they're made of metal). If you look at the linked document, it shows strong indications that the attacks did affect wifi networks from vehicles passing by, that is, fully outside of the property.
> [KRACK] easy to exploit in a lab but very hard to exploit in practice
How so? Even I have done it (on my own AP). Unless you own a big property that the WiFi signal cannot reach outside of, it's as easy as pressing GO in one of the hundreds of script kiddie tools.
> in practice the biggest concern are the programming mistakes in Wi-Fi products since several of them are trivial to exploit.
Any indication which devices are known to be affected? None of the pages I've read so far give that information. Though it could be that this information is subject to "responsible disclosure" and won't be released until manufacturers have had a reasonable amount of time to release patches.
How does it enforce that? Is it just based on signal strength?
> The intended user can switch off or unplug the load in person then operate the meter.
This is just the wrong way to think about it. The "intended user" is all nice, but what can an attacker do? That is how these problems need to be analysed.
> What if they could determine the endpoint of the data and see that there was nothing connected to that endpoint at the same time, sending the same amount of traffic (using it as a proxy).
You say that as if breaking into someone's PC and using their wireless NIC to break into neighboring networks is totally implausible. Commonly known as pivoting.
I have trouble imagining an attack on the wifi protocol where this doesn't apply :).