KRACK Attacks Defeat Wi-Fi Security on Most Devices

Cesar Mills
October 17, 2017

"If your device supports Wi-Fi, it is most likely affected", they said on the www.krackattacks.com, website, which they set up to provide technical information about the flaw and methods hackers might use to attack vulnerable devices.

This also allows the decryption of TCP SYN packets, which can then be used to hijack TCP connections and perform HTTP injection attacks such as infecting the target with malware. Unlike in past when older WiFi security protocols have been compromised, there is nothing to replace WPA2.

"If your device supports Wi-Fi, it is most likely affected", Vanhoef says. One flavor of the attack is substantially easier to exploit on Android and Linux devices, the researchers say. Attackers can use the exploit to run malicious code on the devices and for data theft when they're within range. For example, a message sent from your phone to a network could be played, or video that your security camera sent to network could be played and all modems are affected.

We strongly advise you to contact your vendor for more details.

The newly-discovered Wi-Fi security flaw puts devices connected to the network at significant risk of hacks.

"This won't let people in who are not physically present into your networks", wrote Iron Group chief technology officer Alex Hudson in a blog post, adding that it's unlikely sensitive data relies purely on WPA2's protections.

KRACK type of attack was discovered by researcher Mathy Vanhoef, KU Leuven, the KRACK attack works by exploiting a 4-way handshake of the WPA2 protocol that's used to establish a key for encrypting traffic.

United States soldier Bowe Bergdahl pleads guilty to desertion
He told the judge at Fort Bragg, North Carolina that he now understands that what he did caused others to search for him. Trump had also called during his run for president for Bergdahl to be put to death for desertion.

IGN Purchases Humble Bundle
IGN will help grow Humble Monthly as well, along with fostering the company's "new publishing initiative". To be clear, though, Humble Bundle has been acquired by Ziff Davis ( IGN's owner) through IGN's division.

District pulls 'To Kill A Mockingbird' from reading list due to complaints
When the book was announced it was also revealed that To Kill A Mockingbird had sold 40 million copies worldwide . The story follows Tom Robinson a Black man falsely accused of raping a young white woman in the depression era.

Changing your WiFi network password will do nothing to stop the attack, the research said.

United States Computer Emergency Readiness Team (CERT) issued a warning on Monday that encouraged all Wi-Fi users to install updates when available. Identified as the "Key Reinstallation Attackes", or Krack Attacks, the security flaws were found to be in the actual WiFi standard, not individual products.

On top of that there's now no known public attack code available to exploit the vulnerabilities, although that will no doubt change, and any hacker would need to be both very skilled and also situated in close proximity to your network kit in order to conduct the attack.

The firm said in a statement: "This issue can be resolved through straightforward software updates and the Wi-Fi industry, including major platform providers, has already started deploying patches to Wi-Fi users". Customers who have Windows Update enabled and who applied the latest security updates are protected automatically.

With Android and Linux, an attacker doesn't even have to do that much work: the attacker can simply reset the encryption key.

Aruba: Aruba has been quick off the mark with a security advisory and patches available for download for ArubaOS, Aruba Instant, Clarity Engine and other software impacted by the bug.

However, there's no need to panic, as you aren't vulnerable to just anyone on the internet because a successful exploitation of KRACK attack requires an attacker to be within physical proximity to the intended Wi-Fi network.

Other reports by GizPress

Discuss This Article

FOLLOW OUR NEWSPAPER