Apple sudah tutup celah keamanan KRACK WPA2 Wi-Fi di iOS, macOS, watchOS dan tvOS versi beta

Apple dikabarkan telah menutup celah keamanan KRACK pada protokol keamanan Wi-Fi WPA2 untuk semua sistem operasinya meski masih dalam tahap beta. Seperti yang dikutip dari iMore:

While it’s bad, there are a are a few factors that prevent it from being truly damaging to the state of modern wireless networking:

  1. It can be patched. We don’t need a new standard like we did when WEP was broken and everyone had to move to WPA2.
  2. That means if your iPhone, iPad, or Mac is patched, it’s safe to use on any wireless access point, even if that access point (router, modem, etc.) hasn’t been patched. Likewise, if you patch your access point, any device used on it will likewise be secured.
  3. In many cases, access points won’t need to be updated. For example, Apple’s AirPorts, including Express, Extreme, and Time Capsule don’t seem be affected, even if using one as a bridge.
  4. Apple has confirmed to me that the KRACK exploit has already been patched in iOS, tvOS, watchOS, and macOS betas.

Belum ada tanggal resmi kapan Apple akan mengeluarkan update patch celah keamanan KRACK tapi saya rasa tidak lama lagi.

Celah keamanan protokol WPA2

Sebuah celah keamanan pada protokol Wi-Fi Protected Access II telah ditemukan oleh para security researcher. Dengan celah ini, setiap trafik atau koneksi antara perangkat dengan akses poin bisa dimata-matai oleh orang yang tidak bertanggung jawab. Dikutip dari Ars Technica:

According to a researcher who has been briefed on the vulnerability, it works by exploiting a four-way handshake that’s used to establish a key for encrypting traffic. During the third step, the key can be resent multiple times. When it’s resent in certain ways, a cryptographic nonce can be reused in a way that completely undermines the encryption.

[…]

It wasn’t possible to confirm the details reported in the CERT advisory or to assess the severity at the time this post was going live. If eavesdropping or hijacking scenarios turn out to be easy to pull off, people should avoid using Wi-Fi whenever possible until a patch or mitigation is in place.