Widespread Wi-Fi Flaw Allows Attackers to Snoop on Encrypted Chats

WPA2 Krack attack blows Wi-Fi security wide open: Fundamental crypto crapto

The security protocol used in all modern Wi-Fi networks is broken, allowing hackers to steal any sensitive information that is not transmitted via wire, researchers have claimed. Specifically, KRACK attacks WPA2's four-way security handoff of encrypted traffic over Wi-Fi and allows hackers a chance to inject their own content in the previously secured traffic stream.

Android, Linux, Apple, Windows, OpenBSD, MediaTek, Linksys and others are all affected by some variant of the attacks, called KRACK. Verhoef believes the overwhelming majority of existing WPA2 client devices are vulnerable to some version of the attack, and comments that Android 6.0 and higher and Linux devices are particularly vulnerable. The site warned attackers can exploit it to decrypt a wealth of sensitive data that's normally encrypted by the almost ubiquitous Wi-Fi encryption protocol.

The problem with WPS is that it's often enabled by default by router manufacturers, so it is good practice to disable it, especially if you don't think you'll ever use it.

The vulnerability, known as "Krack" gives hackers access to nearly everything that has been sent over a Wi-Fi network and any device that has used the same network is potentially at risk.

"In 2001, the WiFi security protocol WEP was cracked and it was soon deemed unsafe to use in order to keep your data and indeed networks safe from prying eyes", Mark James, a security specialist at ESET, says in an email to Newsweek. Note that as protocol-level issues, most or all correct implementations of the standard will be affected. Both Windows and iOS aren't believed to be vulnerable to the most effective attacks. A broader warning was sent out by the CERT to more vendors on August 28.

The vulnerability was found in the WPA2 protocol used to secure protected networks in all current Wi-Fi hardware, including routers and client devices such as PCs, laptops and mobile phones.

Many businesses have already been briefed on the matter and we should expect to see a slew of patches being released all week to address this issue. Vanhoef is now in the process of notifying vendors about KRACK and what changes they can make to routers and access points to protect against it.

By taking advantage of these vulnerabilities, hackers can eavesdrop on the transmission of data, potentially reading that information even if it was encrypted.

Tristan Liverpool, Director of Systems Engineering at F5 Networks, said: "This major public vulnerability can affect any Wi-Fi network, including home, office and public connections". Researchers found that an attacker can force key resets by collecting and replaying transmissions of the third handshake, effectively breaking down the encryption protocol.

You'll also want to check for any firmware updates to your wireless router. According to experts, the security Protocol Wi-Fi for over 13 years.

"The attack works against all modern protected Wi-Fi networks".

Hudson said Wi-Fi users who browse the Internet should still be safe due to encryption on most websites but that the flaw could affect a number of Internet-connected devices.