Security has been a big focus within the Android community for enthusiasts, and for quite a while too. As some OEMs have dedicated themselves to monthly security updates, it has actually influenced the phones that some people buy. This is also true for custom ROMs as well since many of us want our devices as secure as possible, so we tend to gravitate toward the options that provide those patches the quickest. A new WPA2 WiFi vulnerability called KRACK made headlines this week and the folks at LineageOS says all future official 14.1 builds will be secure from this attack.
The KRACK vulnerability is interesting due to how secure many people thought WPA2 WiFi authentication was. Many had switched to it from WEP a while back due to the fact that it dynamically generated new keys to encrypt packets to improve security. This attack was brought to the attention of the public thanks to a research paper by Mathy Vanhoef that shows how it is possible to trick the underlying mechanics of WPA2. For anyone in the Dallas Texas area on November 1st, you can see a proof of concept exploit called Key Reinstallations Attacks (KRACK) at the ACM Conference on Computer and Communications Security on November 1st.
Due to the fact that KRACK attacks the WPA2 protocol, it's said that 41% of active Android devices are currently severely vulnerable to the attack. When we consider how many Android smartphones, tablets, smartwatches, set-top boxes and IoT devices there are out in the wild, that shows how devastating this exploit really is. For those who are interested in more details, you can read about the step by step process for how KRACK actually works against susceptible devices here.
So now that we know its existence, many enthusiasts are looking for how we can stay safe from the exploit. Google schedules security updates at the start of each month and the company has said they'll be patching vulnerable devices "in the coming weeks" which has led many to suspect the patches will be included in the November security update. For LineageOS users though, the official Twitter account has confirmed that all official LineageOS 14.1 builds from now on will be safe against this attack.
Source: @LineageAndroid
from xda-developers http://ift.tt/2xLw13J
via IFTTT
No comments:
Post a Comment