Banner
Breaking News

The recent catastrophic Wi-Fi vulnerability was in plain sight for 13 years behind a corporate paywall

This post was originally published on this site

Share on Facebook Share

Share on TwitterTweet

Share on Google Plus Plus

The recent Wi-Fi “KRACK” vulnerability, which allowed anyone to get onto a secure network (and which was quickly patched by reputable vendors), had been in plain sight behind a corporate-level paywall for 13 years. This raises a number of relevant, interesting, and uncomfortable questions.

When this week’s KRACK wi-fi vulnerabity hit, I saw a series of tweets from Emin Gür Sirer, who’s mostly tweeting on bitcoin topics but seemed to know something many didn’t about this particular Wi-Fi vulnerability: it had been in plain sight, but behind paywalls with corporate level fees, for thirteen years. That’s how long it took open source to catch up with the destructiveness of a paywall.

In this case, close scrutiny of the protocol would have (and in fact, did) uncovered the nonce reuse issues, but didn’t happen for 13 years.

— Emin Gün Sirer (@el33th4xor) October 16, 2017

Apparently, WPA2 was based on IEEE standards, which are locked up behind subscription fees that are so steep that open source activists and coders are just locked out from looking at them. This, in turn, meant that this vulnerability was in plain sight for anybody who could afford to look at it for almost a decade and a half. There are so many issues and followup questions on this, it deserves at least two more articles on the same topic, just for headlines to cover one important point at a time (yes, that’s necessary today).

This also means that one of two things were true: one, those who could afford to look at it didn’t bother to look at it, or two, those who would bother to look at it and understand it couldn’t afford

Leave a Reply

Your email address will not be published. Required fields are marked *

Banner