YouTube sin-bins account of KRACK WPA2 researcher
Only to be mysteriously restored hours later
The YouTube account of the researcher behind the KRACK WPA2 Wi-Fi vulnerability was restored early on Thursday hours after it was shut down for violating "community guidelines".
Mathy Vanhoef was told that his YouTube account had been sin-binned late on Wednesday. The move provoked criticism from security pros. Around two hours later the account was restored, also without explanation. In the meantime Vanhoef created an account at Vimeo.
The incident is not without precedent. Marcus Hutchins, the security researcher behind the WannaCry kill switch, commented: "YouTube are shitty when it comes to 'hacking' videos, even completely legal ones. Had a couple of friends banned for same bs too."
El Reg asked Google, YouTube's owner, to comment on the incident but we're yet to hear back.
Vanhoef went public with research demonstrating a critical design flaw in the underlying technology used to secure wireless networks. The Key Reinstallation Attacks, aka KRACK, mean that latest WPA2 Wi-Fi encryption might be circumvented to either snoop on communications or inject malign content.
Several caveats apply. A prospective hacker would have to be within range of the network to pull off an attack and any communications projected to end-to-end encryption (such as with HTTPS servers and VPN traffic) would still be shielded – miscreants would only be able to pull off the first layer of encryption. Patching is already well under way.
The four-minute YouTube video uploaded by Vanhoef demonstrated the wireless security weakness in Linux and Android devices, the most vulnerable class of client devices. ®