"Android and Linux-based devices are the worst affected by multiple vulnerabilities"

Why wouldn't you check if your phone has ROM support before buying?

That has nothing to do with Android itself. That's the decision of the manufactures (not only those who ship Android).

Android will be patched soon, no doubt. To bad manufacturers don't have to patch their devices because we will just put the blame on Android.

Normies buy new phones. New phones don't have custom ROM support yet and forecasting which one will get a decent one is pretty difficult.

Buying an older phone doesn't guarantee that ROMs are available for it or there are ROMs for it at all.

>check if your phone has ROM support before buying

>this is considered a serious question to ask normies

I know that. That's why I didn't say that.

iTODDLERS BTFO

The problem is made worse by Android and Linux, which, thanks to a bug in the WPA2 standard, don't force the client to demand a unique encryption key each time.

Rather, they allow a key to be cleared and replaced by an "all-zero encryption key," foiling a key part of the handshake process.

In some cases, a script can also force a connection to bypass HTTPS, exposing usernames, passwords and other critical data.

>The problem is made worse by Android and Linux, which, thanks to a bug in the WPA2 standard, don't force the client to demand a unique encryption key each time.

This has written "sabotage" all over it.

>thehackernews.com/2017/08/frappening-celebrity-photos.html
I really don't see how it's Apple's fault people are so stupid they give away their passwords

Well, they target the lower social classes so it kinda is.

>a script
As always JavaScript is the true botnet

>enabling wifi settings to join public wifi.
KEKEK

Apple has released 3 updates alone in the past two weeks, I feel sorry for Android users who potentially will never get their devices updates.

The problem can't be solved with patching your router. The actual devices like phones and computers connecting to your WiFi need to be patched.

>I feel sorry for Android users
Wrong group, fa.m

I feel sorry for customers of phone manufacturers that don't release updates for old phones.

Android can be rebuild every day. That's the nice thing of an open source software project. If other parties fail to provide updates you can build it yourself.

Only about half of Android phones get the MONTHLY update, the rest are left and more and more join those ranks by the day as newer devices come out.

oh shut the fuck up. You'd have to be a real fucking idiot to get your phone infected and an even BIGGER one if that's one of the reasons why you switched.

Just update wpasupplicant

So what are all the big companies doing now? Panicking? Turning off their networks?

This is the sad truth and the number one reason to only buy devices with a decent custom FOSS ROM support.

They don't care.

You don't have to forecast anything. Who buys an Android phone the day it was released?

It's not like that is hard to do by any stretch of the imagination.

Normies again.

>forecasting which one will get a decent one is pretty difficult.
Not really.
All flagships from big manufactures support custom roms and have huge communities.
If i want a cheap phone with big support i could get xiaomi, which i have, the redmi note 5, it costs nothing and i have custom roms coming out of my ass

>owning a smartphone

So wait, routers aren't vulnerable but devices are?

This is a problem, but the exploit compromises an implementation detail in the client side of the WPA2 handshake. It won't let an attacker simply grab the AP password and join a WPA2-secured network. At least not directly.

yeah i thought you could just upgrade your firmware?

If you use encrypted traffic (SSL) there's nothing to worry about.

>For the stable distribution (stretch), these problems have been fixed in version 2:2.4-1+deb9u1.
I'm fine here with debian

The PoC video shows an exploit successfully demoting https down to unencrypted http on match.com, so you should still (as always) keep an eye on the address bar.

That's exactly what I'm saying, don't use unencrypted http.

What about wpa2 enterprise?

Try telling your browser that.

But if you watched the video he explains he's using a SSL stripper for websites that have SSL incorrectly configured and that this is only a fraction of websites.

Windows doesn't have this problem :)

Asking someone to "make your phone faster" after a while or to recommend a phone isn't out of the question either.

work on my machine :^)

Even if you act retarded on purpose it's still retarded.

Ha, indeed. Never do this though. You'll be fending them off every week and all their problems are your fault now.

So is this another Vault7 backdoor?

GG CIA

This so much.
At this point i just pretend i don't know shit about technology, life is so much easier when i don't have to waste it by doing free tech support for retards

fappening 3 in 5-4-3...

Linux btfo
theverge.com/2017/10/16/16481818/wi-fi-attack-response-security-patches
>Microsoft has already fixed the Wi-Fi attack vulnerability

Lies, my last update was on the 10th and there is no update available for windows.

>"Note thatif your device supports Wi-Fi, it is most likely affected."
>"During our initial research, we discovered ourselves that Android, Linux, Apple, Windows, OpenBSD, MediaTek, Linksys, and others, are all affected by some variant of the attacks."
>"Apple"

Do you know how often Apple updates compared to Android?

It is only available to licensed windwos users, not pirate scum like you

I'm not a pirate scum I got it from university.

it has been fixed on debian for several hours

then there is your problem, you have one of those castrated handmedown windows versions which they give for free to school as tax writeoffs, you need the corporate pro version to get cutting edge updates

also compromised

did you even try reading
fucking moron

I'm scared Sup Forums what does it mean ? I have a Moto Z Play running marshmallow stock rom from july 2016 and I did'nt update once because I thought that xPosed would never get released on nougat

means you're going to get your identity stolen, even on your home wifi.

But what if I use WEP

lol wep hasn't been secure for a decade

For devices connecting through a vpn does this matter at all, outside of the possibility that the vpn is using shit encryption?

>supported
What part of flash a new nightly of Lineage OS don't you get?

Why is everybody making a fuss about it? When was the last time you heard about somebody getting hacked out of nowhere? Most of the time it's the users fault for installing some retarded shit on their device.

Oh fuck off. My HTC OneX was abandoned by the manufacturer a couple months after release for the HTC One m8. I used custom roms for a good 2 years until one day the cyanogenmod uploader stopped. In order to compile the latest nightlies, I need a shit ton of disk space, and the proprietary firmware for my phone's camera and other shit. And this doesn't even guarantee that the phone will work on the latest nightlies. Honestly this shit is the reason why I use an iPhone now, at least apple supports their phones with updates for more than 2 nanoseconds.

Linux has too idiot

Nah I have professional.

Hopefully someone is sat outside attractive celebrities houses as we speak getting their nudez.

Listen. I don't usually bother, but yesterday I turned off ssid broadcast on my router. One more layer of protection, albeit how slim, I thought to myself. Later I noticed that a couple of android devices no longer had a wifi connection. What am I missing Sup Forums?

nevermind, adding the ssid explicitly works

I'd just assumed that it would retain a relationship somehow.

>This has written "sabotage" all over it.

Actually it has "freetard" written over it because this is what happens when hobbyists are given enough rope to hang themselves.

This. The botnet has far more resources to protect me than some random hobbyists playing at making meme """free""" software

>turned off ssid broadcast on my router. One more layer of protection
thats not how it works you retard

Ubuntu has been patched already.

>thats not how it works

>it

how what works?

you're saying that not announcing your ssid doesn't add at least some protection on a wifi network

get back on your meds, and maybe you be flying off the handle at nothing

just buy an ethernet cable and only use 4g/3g on your phone until this is fixed
its that easy brainlets

It really doesn't add any protection. Deauth a connected device and you have the ssid when it reconencts.

Solus:
Security update available: wpa_supplicant
install it and this is it

Use aircrack-ng and you will see your "hidden" network. It shows up with a blank name and the device's MAC address. Hell, even wicd will show "hidden" networks by default.

Wait, what???
I thought linux was immunized to that kind of thing. Did Sup Forums lie to me??

lol good luck getting them to patch whatever old ass version you had to install on your particular model because the newer versions are broken as fuck.

So as long as i dont do anything involving sensitive data over wifi i be fine?

this is why you should not ignore Updates to your devices

I would also advise using DNScrypt as well.

daily reminder that there's already a fix for linux and the only reason most android devices will not be update is because they aren't libre hardware running exclusively libre software

>Did Sup Forums lie to me??
Yes. The only reason people says it's secure is because not a lot of people actually use it.

I wonder if airport express will got any update for it.

The protocol itself is compromissed, every single device out there is heavly affected.

I doubt half wifi router's vendors will launch a firmware update for this, WPA/WPA2 is over.

>WPA/WPA2 is over.
The fags will not let it to die.

This is not true. Please take more care before posting wrong information on Sup Forums.

What can you do if you own an android that isn't supported by custom ROMs? How would it affect you?

I don't think Adroid will be the only big problem, smart TVs, wifi printers, smart things in general...
Every single device that uses wifi...