Hackers exploit security KRACK in wifi - and no device is safe

Wifi WPA2 security cracked: Android & Linux most vulnerable, but iOS and macOS too [Video]

Sebastien Jeanquier, said: "Although this is a significant attack against the WPA2 protocol and the details of these vulnerabilities have been disclosed, no tooling has been made available thus far, although it is not inconceivable that attackers could create their own tools to perform such an attack". However, the weakness is now so pervasive that Vanhoef said everyone should assume all their devices are affected and vulnerable.

The attack is "exceptionally devastating" against Linux and Android 6.0, the researcher found.

We discovered serious weaknesses in WPA2, a protocol that secures all modern protected Wi-Fi networks. WiFi encryption mainly functions to keep other devices from talking on your network (the security otherwise has been a bit suspect for a while). For example, a message sent from your phone to a network could be played, or video that your security camera sent to network could be played and all modems are affected.

Various vendors were notified about the problem as early as July, so we might expect updates for end-user devices, if not networking hardware.

Intel: Intel has released a security advisory listing updated Wi-Fi drives and patches for affected chipsets, as well as Intel Active Management Technology, which is used by system manufacturers.

A newly-discovered security flaw affects virtually every Wi-Fi device, and could render your home network as readable to hackers as the free Wi-Fi at a coffee shop. However, wireless routers and access points may require a vendor patch to protect against this vulnerability.

These KRACK Attacks mean that most encrypted Wi-Fi networks out there are not as secure as think. The flaw, not actually in products but instead found in the WiFi standard itself, means that credit card numbers, passwords, chats, emails and documents could all be hijacked.

The Krack WPA2 attack can be used against all modern protected WiFi networks and can be used to inject other forms of malware, such as ransomware, into websites by manipulating data.

Responding to the issue, the United States Computer Emergency Readiness Team (CERT) provided the following statement (via Ars Technica).

Because of the depth and nuance of this vulnerability, collectively KRACK has 10 CVE identifiers assigned to it.

The KRACK Attacks (with numerous variations) use the fact that although this four-way protocol was shown to be mathematically sound, it could be - and in many cases, was - implemented insecurely.

Meanwhile, Microsoft said customers who have the latest Windows Update, launched last week, and applied the security updates, are automatically protected.

On top of that there's now no known public attack code available to exploit the vulnerabilities, although that will no doubt change, and any hacker would need to be both very skilled and also situated in close proximity to your network kit in order to conduct the attack. Even if you don't know any of the content, a sufficient volume of English text would be enough to break the encryption. This results in the encryption key being rewritten to all-zeros, which makes it trivial to hack. Aruba has posted a memo and updated firmware to address this issue.

Related News:

Most liked

Released from Taliban in prisoner exchange, Bowe Bergdahl pleads guilty to desertion
A judge said Bergdhal's maximum possible punishment would be life in prison, but he has not been sentenced yet. US Army Sergeant Bowe Bergdahl is pictured in this undated handout photo provided by the US Army.

Jets fall to Patriots after controversial replay call
Tom Brady finds Rob Gronkowski across the middle for a 33-yard touchdown as the Patriots take a 21-14 lead over the Jets. Brady hit wide receiver Brandin Cooks with a ideal pass down the sideline and over Morris Claiborne for a 42-yard gain.

New Austrian leader 'will be Europe's youngest head of government'
President Alexander Van der Bellen, who must swear in the new government, said he "puts great value on pro-European government". His People's Party, like the Social Democrats have also not ruled out forming a coalition with the far-right Freedom Party.

India keep an edge, lead 3-1 against Pakistan
Q2 22'min: Another Penalty Corner for Pakistan! Q1 15'min: Penalty corner for Pakistan, the men in green missed the opportunity. Right after the victory, cricketers and sportspersons from across India hailed the team's spectacular show against Pakistan .