科学美国人60秒:Wi-Fi曝安全漏洞 面临KRACK攻击风险
日期:2018-02-19 11:43

(单词翻译:单击)

LlLr1R%t2uiUJ|(!PJ5WmGuME[@e9oR(

听力文本

D-O3qLE^R9zI1D9TN

This is Scientific American — 60-Second Science. I'm Larry Greenemeier.
It seems every week we find out that someone broke into a big company's databases—like the recent Equifax data breach—and made off with millions of credit card numbers, passwords and other valuable info. And now a new kind of worry: someone could hijack your wireless home network and steal your info from under your nose.
That's the possibility raised by a couple of cybersecurity researchers from the Catholic University of Leuven in Belgium. The problem, they say, is a flaw in the very protocol meant to make wi-fi secure. That protocol is called Wi-Fi Protected Access II, WPA2. And WPA2's weakness could allow an attacker within physical range of your wi-fi network to make a copy of that network that they could then control. The researchers call their approach a key reinstallation attack, or KRACK.
It's important to know that a KRACK attack remains a hypothetical for now. The scientists realized the threat while investigating wireless security. They'll present this research on November 1st at the Computer and Communications Security (CCS) conference in Dallas and in December at the Black Hat Europe conference in London.

YSh)SuvpdHOFXb


In their KRACK scenario, wireless devices would be fooled into connecting to the bogus network. And the attacker would be able to access all of the info that devices send and receive while connected to that network—even if that info has been encrypted. Android and Linux would be especially vulnerable because of how their encryption keys are configured.
One measure of protection against such an attack would be to make sure they you've installed the most up-to-date versions of your apps, browsers and wireless router software. Updated software is most likely to include the security patches needed to avoid falling victim to a KRACK attack. Because chances are that KRACK won't remain simply a proof-of-concept for long.
Thanks for listening the Scientific American — 60-Second Science Science. I'm Larry Greenemeier.

#j7Rw6.0rJ@d4cLXGwSM

参考译文

9h_,5n#lq|Pw#|N_!(

这里是科学美国人——60秒科学,l1aT8|QyenjVh-UqeB。我是拉里·格林迈耶oM1-(~2^|E&2
似乎每周我们都能发现大型公司数据库遭入侵的事件,就如最近艾可飞公司的数据泄漏事件一样,数百万个信用卡号、密码和其他有价值的信息被窃取eey3yI#.NJWL。现在又多了一种担忧:有人可能会入侵你家的无线网络,在你眼皮底下盗取你的信息j[#vy6.D4t*s
比利时鲁汶天主教大学的几位网络安全研究人员提出了这种可能性Ve)[OKsi7qY!pZ&wF。他们表示,问题在于加密协议中的漏洞本意是保障Wi-Fi的安全!(zjQFUg^|Ju@s。这种加密协议名为二代无线网络安全接入,简称WPA24@@8;Ej37W*^-sR。WPA2的缺点是Wi-Fi网络物理范围内的攻击者可以复制并控制该网络i_(BHzH^Zo[qm。研究人员将这种方法称为“密钥重装攻击”,简称KRACKdyB*4gv)~|D6*o,aLW
认识到KRACK攻击至今仍是假设很重要Yes@!X8cS]ZISIo-S6。科学家在调查无线网络安全时发现了这种威胁;kWqtJ@|AW^=zvS~igV^。在11月1日达拉斯举行的计算机与通信安全会议以及12月份在伦敦召开的欧洲黑帽会议上,他们将公布这项研究结果S-gres^V)dV5-ywg
在研究人员虚拟的KRACK攻击场景中,无线设备会被误导去连接伪造的网络Lo7ez7i19Sk@Fe%8[q|S。在连接期间,攻击者就可以获取该网络设备收发的所有信息,即使这些信息已经被加密COcJ18ZPgd65aZ9[.^%。因为安卓和Linux加密密钥的配置方法,这两种系统特别易受到攻击mxaM6u@F4).
防止这种攻击的其中一个方法是确保你已经安装了最新版本的应用程序、浏览器和无线路由器软件Deit~X8DJ3Y=EEO5p。更新后的软件很可能包含避免被KRACK攻击的安全补丁2yawt@htMELUJ+]K。因为KRACK攻击不会只以一个概念的形式存在太久O9X&G4n*(~HvgAD)t1
谢谢大家收听科学美国人——60秒科学ct8Lxyygl7。我是拉里·格林迈耶NUlC4yX62mtJfL3

Py2^!^rd4zj2n!Q)*_B&

译文为可可英语翻译,未经授权请勿转载!

;FNN)d1_M^x|

r]0,Ljonv~ZV#5

重点讲解

AdM78Ty9WfMzO@(4F]

^SDVs393*7uS

重点讲解:
1. break into 强行进入;闯入;
例句:He added that it was impossible to say whether any hackers had actually exploited the flaw to illegally break into a database.
他表示,现在无法判断是否已经有黑客利用这个漏洞侵入过数据库gSt.DW|,Cb@rrL3_
2. make off with 偷走;拿走;
例句:Masked robbers broke in and made off with $8,000.
蒙面抢匪破门而入,偷走了8,000美元TcN~#z!2,)@.=P!4XY
3. under one's nose 当着…的面;在…的眼皮底下;
例句:The solution to the problem was right under his nose but he didn't realize it.
解决这个问题的方法,就在他的眼皮底下,不过他就是没有意识到!YR-aZ,veD6BhL
4. fall victim to 成为…的牺牲品(或受害者);
例句:Apparently he had been unfortunate enough to fall victim to a gang of thugs.
他显然不幸落入了一群歹徒之手CbDy0W+~SO

2J)Op-.shK.#a

CV;vU1nG-~phq[|E]jyD*J_4~T2wCuQxIUBQV=~IvdZb6=2d
分享到
重点单词
  • creditn. 信用,荣誉,贷款,学分,赞扬,赊欠,贷方 (复)c
  • protocoln. 规章制度,草案,协议,外交礼仪
  • hypotheticaladj. 假设的,假定的,爱猜想的
  • flawn. 瑕疵,缺陷,裂缝 v. 使破裂,有瑕疵 n.
  • controln. 克制,控制,管制,操作装置 vt. 控制,掌管,支
  • vulnerableadj. 易受伤害的,有弱点的
  • avoidvt. 避免,逃避
  • weaknessn. 软弱
  • conferencen. 会议,会谈,讨论会,协商会
  • victimn. 受害者,牺牲