Bon alors voilà, une bonne grosse faille sur WPA2, le standard qui sert à protéger/chiffrer le WiFi.
Et visiblement, tout le monde est concerné: « The weaknesses are in the Wi-Fi standard itself, and not in individual products or implementations. Therefore, any correct implementation of WPA2 is likely affected. »
Pas rassurant.
Résumé de la faille: (
https://mastodon.social/@krypteia/98838905274377087)
« * 4-way handshake nonce reuse attack
* does NOT allow recovery of WIFI password or 4-way handshake negotiated encryption key (except for linux/android which can be tricked into using all-zero encryption key--lolz)
* does allow the attacker to preform a full MITM attack on a Wi-Fi connected client
* no access point patch can fix this, EVERY client device that connects to WiFi needs to be patched »
:-(
EDIT: Explication (et vulgarisation) de la faille en français:
http://beta.hackndo.com/krack/(
Permalink)