KRACK Attacks Defeat Wi-Fi Security on Most Devices

Cesar Mills
October 17, 2017

"If your device supports Wi-Fi, it is most likely affected", they said on the www.krackattacks.com, website, which they set up to provide technical information about the flaw and methods hackers might use to attack vulnerable devices.

This also allows the decryption of TCP SYN packets, which can then be used to hijack TCP connections and perform HTTP injection attacks such as infecting the target with malware. Unlike in past when older WiFi security protocols have been compromised, there is nothing to replace WPA2.

"If your device supports Wi-Fi, it is most likely affected", Vanhoef says. One flavor of the attack is substantially easier to exploit on Android and Linux devices, the researchers say. Attackers can use the exploit to run malicious code on the devices and for data theft when they're within range. For example, a message sent from your phone to a network could be played, or video that your security camera sent to network could be played and all modems are affected.

We strongly advise you to contact your vendor for more details.

The newly-discovered Wi-Fi security flaw puts devices connected to the network at significant risk of hacks.

"This won't let people in who are not physically present into your networks", wrote Iron Group chief technology officer Alex Hudson in a blog post, adding that it's unlikely sensitive data relies purely on WPA2's protections.

KRACK type of attack was discovered by researcher Mathy Vanhoef, KU Leuven, the KRACK attack works by exploiting a 4-way handshake of the WPA2 protocol that's used to establish a key for encrypting traffic.

How to handle Raiders QB vs. Chargers
The Oakland linebackers and Safeties will have their hands full with the Chargers dynamic duo of Antonio Gates and Hunter Henry . Chargers head coach Anthony Lynn said he wasn't anxious when Novak lined up for his field goal with three seconds on the clock.

George Weah Continues To Lead Polls In Liberia's Election
However, many Liberians complain about poor public services and widespread corruption and say they are eager for a new president. The chairman warned political parties to refrain from declaring any result other than what the commission was releasing.

Kylie Jenner Talks Baby on Snapchat
She also thinks that Tyga is trying to come up with any reason to ensure that Kylie stays in his life, and she has totally moved on from the rapper .

Changing your WiFi network password will do nothing to stop the attack, the research said.

United States Computer Emergency Readiness Team (CERT) issued a warning on Monday that encouraged all Wi-Fi users to install updates when available. Identified as the "Key Reinstallation Attackes", or Krack Attacks, the security flaws were found to be in the actual WiFi standard, not individual products.

On top of that there's now no known public attack code available to exploit the vulnerabilities, although that will no doubt change, and any hacker would need to be both very skilled and also situated in close proximity to your network kit in order to conduct the attack.

The firm said in a statement: "This issue can be resolved through straightforward software updates and the Wi-Fi industry, including major platform providers, has already started deploying patches to Wi-Fi users". Customers who have Windows Update enabled and who applied the latest security updates are protected automatically.

With Android and Linux, an attacker doesn't even have to do that much work: the attacker can simply reset the encryption key.

Aruba: Aruba has been quick off the mark with a security advisory and patches available for download for ArubaOS, Aruba Instant, Clarity Engine and other software impacted by the bug.

However, there's no need to panic, as you aren't vulnerable to just anyone on the internet because a successful exploitation of KRACK attack requires an attacker to be within physical proximity to the intended Wi-Fi network.

Other reports by GizPress

Discuss This Article

FOLLOW OUR NEWSPAPER