Wi-Fi曝安全漏洞，面临KRACK攻击风险

点击播放语音↓↓↓

原文及翻译

This is Scientific American — 60-Second Science. I'm Larry Greenemeier. 这里是科学美国人——60秒科学。我是拉里·格林迈耶。

It seems every week we find out that someone broke into a big company's databases—like the recent Equifax data breach—and made off with millions of credit card numbers, passwords and other valuable info.

似乎每周我们都能发现大型公司数据库遭入侵的事件，就如最近艾可飞公司的数据泄漏事件一样，数百万个信用卡号、密码和其他有价值的信息被窃取。

And now a new kind of worry: someone could hijack your wireless home network and steal your info from under your nose.

现在又多了一种担忧：有人可能会入侵你家的无线网络，在你眼皮底下盗取你的信息。

That's the possibility raised by a couple of cybersecurity researchers from the Catholic University of Leuven in Belgium.The problem, they say, is a flaw in the very protocol meant to make wi-fi secure. That protocol is called Wi-Fi Protected Access II, WPA2.

比利时鲁汶天主教大学的几位网络安全研究人员提出了这种可能性他们表示，问题在于加密协议中的漏洞本意是保障Wi-Fi的安全。这种加密协议名为二代无线网络安全接入，简称WPA2。

And WPA2's weakness could allow an attacker within physical range of your wi-fi network to make a copy of that network that they could then control.The researchers call their approach a key reinstallation attack, or KRACK.

WPA2的缺点是Wi-Fi网络物理范围内的攻击者可以复制并控制该网络。研究人员将这种方法称为“密钥重装攻击”，简称KRACK。

It's important to know that a KRACK attack remains a hypothetical for now.The scientists realized the threat while investigating wireless security.

认识到KRACK攻击至今仍是假设很重要。科学家在调查无线网络安全时发现了这种威胁。

They'll present this research on November 1st at the Computer and Communications Security conference in Dallas and in December at the Black Hat Europe conference in London.

在11月1日达拉斯举行的计算机与通信安全会议以及12月份在伦敦召开的欧洲黑帽会议上，他们将公布这项研究结果。

In their KRACK scenario, wireless devices would be fooled into connecting to the bogus network.

在研究人员虚拟的KRACK攻击场景中，无线设备会被误导去连接伪造的网络。

And the attacker would be able to access all of the info that devices send and receive while connected to that network—even if that info has been encrypted.

在连接期间，攻击者就可以获取该网络设备收发的所有信息，即使这些信息已经被加密。

Android and Linux would be especially vulnerable because of how their encryption keys are configured.

因为安卓和Linux加密密钥的配置方法，这两种系统特别易受到攻击。

One measure of protection against such an attackwould be to make sure they you've installed the most up-to-date versions of your apps, browsers and wireless router software.

防止这种攻击的其中一个方法是确保你已经安装了最新版本的应用程序、浏览器和无线路由器软件。

Updated software is most likely to include the security patches needed to avoid falling victim to a KRACK attack.Because chances are that KRACK won't remain simply a proof-of-concept for long.

更新后的软件很可能包含避免被KRACK攻击的安全补丁。因为KRACK攻击不会只以一个概念的形式存在太久。

Thanks for listening the Scientific American — 60-Second Science Science. I'm Larry Greenemeier.

谢谢大家收听科学美国人——60秒科学。我是拉里·格林迈耶。

“科学60秒”（60-Second Science）是全球最著名的科学英文广播，由《科学美国人》出品，网罗全球最新奇的科学发现，用过山车式的飞快语速，将其浓缩在60秒的播音之中。收听“科学60秒”，既能知新，又可练耳。欢迎大家下次继续收听《科技新声音》！

△以上部分图文来源于网络，如有侵权，请及时联系我们，我们将在24小时内删除。