Science and Technology Daily reporter Zhang Gailun
Recently, news about Wi-Fi has been making people a little anxious. Not long ago, CCTV's 315 evening gala exposed the Wi-Fi probe box, which can quickly identify the MAC address of a user's mobile phone and build a so-called user profile of you without your knowledge.
Recently, at CanSecWest2019, a world-class information security summit held in Vancouver, Canada, security experts pointed out another major Wi-Fi problem: the replay-protection mechanism (PN number) on which WPA/WPA2 is based has a design flaw, and an attacker can use this flaw to precisely attack one or several users of a given Wi-Fi network.
This work was presented at the conference by Xie Jun, senior security expert, and Wang Jiaheng, senior security engineer, of Ali Security's Orion Lab.
Xie Jun explained that WPA, short for Wi-Fi Protected Access, comprises two standards, WPA and WPA2, and is a technical standard that protects the security of Wi-Fi wireless network access. At present, WPA2 is the most widely used security standard. Since its release in 2004, however, researchers have one after another pointed out flaws in it that can make Wi-Fi insecure.
"The flaw we discovered this time is more low-level: the attacker only needs to know the password of the target network, and can launch the attack directly without joining the target network," Xie Jun told Science and Technology Daily. An attacker can use the design flaw in the replay-protection mechanism to directly hijack the connection between the user and the access point, turning it into a man-in-the-middle attack.
Specifically, the attacker can monitor the communication between the user and the Wi-Fi access point and, at the right moment, send forged data or hijack the connection between the user and the Wi-Fi access point in order to tamper with the normal communication content, so that the data the user exchanges during a visit is altered in transit.
Put simply, this kind of attack can trick a user into visiting a fake website, or even tamper with the content of a real website. "For instance, where the original website says not to tell your verification code to third parties, I can change it to ask you to send the verification code to xxxx, and so on," Xie Jun said. If the user is phished on a fake website, the user's account name and password are at risk of being stolen, which may in turn lead to financial loss.
How likely is it that an attack can be launched? The answer is: close to 100%. As long as the attacker knows the Wi-Fi password, the attacker can launch an attack against any device connected to the network. But Xie Jun disclosed that the attack method they studied requires an attack verification tool designed by their own team; no one has ever built such a tool on the market, and they have not made theirs public. So, at the technical level, the threshold for an attacker to exploit this flaw is currently still very high.
Accordingly, users need not be overly nervous. Xie Jun suggests that when using public Wi-Fi, users should still avoid sensitive applications as far as possible, such as banking or payment products, or logging in to websites that require a user name and password. "This kind of attack can only lure the user into entering sensitive content; it cannot steal information from the user directly, so you only need to take care."
Of course, there is also a simpler and more direct way to avoid the risk: in public places, avoid using public Wi-Fi as far as possible and go online over the mobile network instead.
Xie Jun also appealed that protecting Wi-Fi security requires the joint efforts of all parts of the industry. The new standard, WPA3, was released internationally in June of last year; its adoption should be accelerated so that it replaces WPA2 and better protects user security.