Extensive Vulnerability Discovered with WIFI WPA2 Security

Published by

teaser

Belgian investigators found a serious leak in the WPA2 security standard, WPA2 is commonly used to protect most Wi-Fi networks. The vulnerability was detailed by the Belgian researchers Mathy Vanhoef and Frank Piessens and was labeled as Key Reinstallation Attacks, short for KRACK.



The vulnerability allows criminals to hack into a password-protected network. For example, Internet traffic can be listened to. Some versions of the WPA2 protocol can even send malicious traffic to connected devices.Currently from the looks of it mostly Linux and Android devices seem to be the most effected. 

In their paper (pdf), researchers say that "each wifi device is vulnerable to one of the variant an attacks". Android version 6.0 and newer devices are more vulnerable, because of an secondary bug in the operating system. "This makes it easy to intercept and manipulate traffic." The affected Android versions are about half of all Android devices that are in use worldwide. Google will be launching an Android update on November 6th. However, older devices do not get the latest security updates anymore and are likely to be vulnerable.

In the attack the encryption of a WPA2 connection is simply bypassed. This happens through an error in the handshake inbetween the devices and the Wi-Fi router. The discovery means that in theory all routers are as vulnerable as completely unsecured networks. 



The leak can be diverted by making reuse of encryption keys impossible in the authentication process, according to the article of the researchers. An update can be made on the Wi-Fi router, or in the devices that are connected to it. If one of the two has a security update, the hack is no longer working. 

It is advised that you currently first update the devices that connect to the network and then the network.

More info can be found here: https://www.krackattacks.com via nu.nl

Extensive Vulnerability Discovered with WIFI WPA2 Security


Share this content
Twitter Facebook Reddit WhatsApp Email Print