Say Hello To KRACK: WiFi Is No Longer Secure
The WPA2 encryption protocol, which generally protects the Wi-Fi router and connected devices from interruptions, is said to have been cracked. On Sunday, researchers prepared for the revelation of high-severity vulnerabilities in the Wi-Fi Protected Access II protocol, which make it possible for attackers to get the Wi-Fi traffic transient within computers and the WiFi access points.
This means that the hacker who is inside the physical range of one's WiFi network can crack the Wi-Fi password.
How Does It Work?
Mathy Vanhoef, security expert at Belgian university KU Leuven, has found the weakness in the wireless security protocol WPA2 and published the following details of the flaw on Monday morning.
"Attackers can use this novel attack technique to read information that was previously assumed to be safely encrypted. This can be abused to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos and so on."
The concept exploit is known as Key Reinstallation Attacks that is shorten as 'KRACK.' The research has been a closely guarded mystery for weeks before a coordinated revelation, which is scheduled for 8 a.m. Monday, EST. The United States Computer Emergency Readiness Team has issued the following information in the reply to the concept exploit:
US-CERT has become aware of several key management vulnerabilities in the 4-way handshake of the Wi-Fi Protected Access II (WPA2) security protocol. The impact of exploiting these vulnerabilities includes decryption, packet replay, TCP connection hijacking, HTTP content injection, and others. Note that as protocol-level issues, most or all correct implementations of the standard will be affected. The CERT/CC and the reporting researcher KU Leuven will be publicly disclosing these vulnerabilities on 16 October 2017.
How Vulnerable Is KRACK?
The US-CERT researchers noted that 41 percent of all the Android devices are vulnerable to an "exceptionally devastating" form of the Wi-Fi attack. However, all Wi-Fi devices still seem vulnerable to some variant of the weakness that make them ready for data theft from any malevolent attacker within the range.
The researchers have recommended patching all the Wi-Fi clients and the access points when the fixes are available and still advised to continue to use the WPA2. However, it's not still clear if the WiFi exploit is actively being exploited.
Vanhoef also notes that the WiFi vulnerability affects a number of operating systems and devices, including Android, Linux, Apple, Windows, OpenBSD, MediaTek, Linksys, and others.