|
|
Up-to-date software, apps, browsers and router software offer the best
protection against a potential flaw in wi-fi security called a key
reinstallation attack, or KRACK.
对于无线网络安全潜在的漏洞--密钥重装攻击或者称之为KRACK,最新的软件,应用,浏览器和路由器都提供了最好的防御。
It seems every week we find out that someone broke into a big company’s
databases—like the recent Equifax data breach—and made off with millions of
credit card numbers, passwords and other valuable info. And now a new kind of
worry: someone could hijack your wireless home network and steal your info from
under your nose.
几乎每周都有大公司的数据库被人侵入,比如最近的Equifax公司的数据泄露事件-被盗走数百万的信用卡号,密码及其他重要信息。而现在又有了新的忧虑:有人可能操纵你的家用无线网络,并光明正大的窃取你的信息。
That’s the possibility raised by a couple of cybersecurity researchers from
the Catholic University of Leuven in Belgium. The problem, they say, is a flaw
in the very protocol meant to make wi-fi secure. That protocol is called Wi-Fi
Protected Access II, WPA2. And WPA2’s weakness could allow an attacker within
physical range of your wi-fi network to make a copy of that network that they
could then control. The researchers call their approach a key reinstallation
attack, or KRACK.
这个问题是由比利时鲁汶大学的几个网络安全研究人员发现的,他们认为问题正是由wifi中的安全协议引起的-我们称之为wpa2的协议。wpa2的缺陷使得攻击者在能够在你的wifi物理范围之内复制你的网络信息,这样他们就可以控制你的网络,研究者称之为秘钥重建攻击,即KRACK。
It’s important to know that a KRACK attack remains a hypothetical for now.
The scientists realized the threat while investigating wireless security.
They’ll present this research on November 1st at the Computer and Communications
Security (CCS) conference in Dallas and in December at the Black Hat Europe
conference in London.
知道KRACK攻击暂时还只是一种假设是很重要的,科学家在调查无线网络安全的过程中意识到了这个威胁。他们会在达拉斯11月1日的电脑和通信安全大会(ccs)和在伦敦的12月的黑帽欧洲会议上发表这项研究。
In their KRACK scenario, wireless devices would be fooled into connecting
to the bogus network. And the attacker would be able to access all of the info
that devices send and receive while connected to that network—even if that info
has been encrypted. Android and Linux would be especially vulnerable because of
how their encryption keys are configured.
在KRACK入侵情境下,无线设备会被骗连接上虚假网络,在这种连接状况下,入侵者则能够得到设备发送和接收的所有信息--即便这些信息已被加密。由于密钥配置问题,安卓和Linux系统尤其易受攻击。
One measure of protection against such an attack would be to make sure they
you’ve installed the most up-to-date versions of your apps, browsers and
wireless router software. Updated software is most likely to include the
security patches needed to avoid falling victim to a KRACK attack. Because
chances are that KRACK won’t remain simply a proof-of-concept for long.
抵御这种攻击的一项措施就是确保你安装了最新版本的应用软件,浏览器和无线路由器。最新版软件很有可能含有安全补丁,使其免遭KRACK攻击沦为受害者。因为长远来看,KRACK不仅仅是一个简单概念。 |
|
发表于 2017-10-30 22:13:40