Researchers have just published details of a new attack against WiFi encryption, which they have dubbed key reinstallation attacks, or “Krack”, and it has taken much of the world by surprise.
Krack has the potential to affect all protected networks and can be used to steal sensitive data such as credit card details, chats, emails, messages and photos, as well as to inject malware and manipulate data.
A few days back, researcher Mathy Vanhoef from Belgium’s KU Leuven University posted a video demonstrating how a hacker can intercept data transmitted from a wireless device (an Android phone in the video) by exploiting WPA2 security. Vanhoef was the first to spot Krack.
However, Krack is a wide but shallow bug: while nearly every device that uses Wi-Fi is vulnerable and subject to attack, the attack itself is quite difficult to execute in practice.
Krack essentially exploits a weakness in the WPA2 system, which is responsible for securing the connection between a computer and a WiFi router. When the system breaks down, an attacker could get between you and your router.
To carry out the attack, the hacker needs to be within range of the user’s WiFi, which greatly reduces the risk. Also, only one network can be hit at a time.
From there, they can eavesdrop on unencrypted (i.e. non-HTTPS) traffic and compromise your computer by slipping malware into legitimate websites.
Precautionary measures include encrypting your WiFi signal and patching your software.
The two primary 'must-patch' devices are your computer and phone.
Updating immediately, however, may not be an option for everyone, as most are still in the process of putting out patches. Krack is more difficult to patch than other bugs because it targets a primary weakness in the way the WPA2 system functions, by reinstalling private keys.
Microsoft has fixed the issue for customers running supported versions of Windows in its recent Windows updates, released on October 10. Apple too has said that the vulnerability has been fixed in the beta versions of its current operating systems, as reported by The Verge. Google too has announced a fix for its affected devices, coming in a few weeks.
Security researchers have said that Android devices are vulnerable to an exceptionally devastating variant of the Krack WiFi attack.
The most prevalent way to protect yourself against Krack is to use patched WiFi and avoid random WiFi connections. Another possible option is to use a LAN connection until the WiFi vendor issues a firmware update, just to be safe.