KRACK Attacks Defeat Wi-Fi Security on Most Devices

Cesar Mills
October 17, 2017

"If your device supports Wi-Fi, it is most likely affected", they said on the, website, which they set up to provide technical information about the flaw and methods hackers might use to attack vulnerable devices.

This also allows the decryption of TCP SYN packets, which can then be used to hijack TCP connections and perform HTTP injection attacks such as infecting the target with malware. Unlike in past when older WiFi security protocols have been compromised, there is nothing to replace WPA2.

"If your device supports Wi-Fi, it is most likely affected", Vanhoef says. One flavor of the attack is substantially easier to exploit on Android and Linux devices, the researchers say. Attackers can use the exploit to run malicious code on the devices and for data theft when they're within range. For example, a message sent from your phone to a network could be played, or video that your security camera sent to network could be played and all modems are affected.

We strongly advise you to contact your vendor for more details.

The newly-discovered Wi-Fi security flaw puts devices connected to the network at significant risk of hacks.

"This won't let people in who are not physically present into your networks", wrote Iron Group chief technology officer Alex Hudson in a blog post, adding that it's unlikely sensitive data relies purely on WPA2's protections.

KRACK type of attack was discovered by researcher Mathy Vanhoef, KU Leuven, the KRACK attack works by exploiting a 4-way handshake of the WPA2 protocol that's used to establish a key for encrypting traffic.

US Supreme Court rejects Guantanamo detainee's appeal
The Justice Department filed a motion to take the case to the Supreme Court in June. The full circuit then split evenly on whether that decision was correct.

Talwar couple to walk out of Dasna jail today
However, with delay in formalities and the court being off on Saturday and Sunday, their release got delayed till today. Their daughter Aarushi and their help Hemraj were found murdered in their Noida home in 2008.

5 things we learned from Steelers impressive victory over Chiefs
After seeing the replay on the big screen, fans at Arrowhead Stadium signaled they wanted Reid to challenge the call. And with Eric Berry out, a versatile defender in all phases, there's not much hope it will get much better.

Changing your WiFi network password will do nothing to stop the attack, the research said.

United States Computer Emergency Readiness Team (CERT) issued a warning on Monday that encouraged all Wi-Fi users to install updates when available. Identified as the "Key Reinstallation Attackes", or Krack Attacks, the security flaws were found to be in the actual WiFi standard, not individual products.

On top of that there's now no known public attack code available to exploit the vulnerabilities, although that will no doubt change, and any hacker would need to be both very skilled and also situated in close proximity to your network kit in order to conduct the attack.

The firm said in a statement: "This issue can be resolved through straightforward software updates and the Wi-Fi industry, including major platform providers, has already started deploying patches to Wi-Fi users". Customers who have Windows Update enabled and who applied the latest security updates are protected automatically.

With Android and Linux, an attacker doesn't even have to do that much work: the attacker can simply reset the encryption key.

Aruba: Aruba has been quick off the mark with a security advisory and patches available for download for ArubaOS, Aruba Instant, Clarity Engine and other software impacted by the bug.

However, there's no need to panic, as you aren't vulnerable to just anyone on the internet because a successful exploitation of KRACK attack requires an attacker to be within physical proximity to the intended Wi-Fi network.

Other reports by GizPress

Discuss This Article