Wi-Fi WPA2 Security Vulnerable to KRACK Attacks: Nearly All Wi-Fi Devices on the Planet Vulnerable

 
Share on Facebook Tweet Share Share Reddit Comment
Wi-Fi WPA2 Security Vulnerable to KRACK Attacks: Nearly All Wi-Fi Devices on the Planet Vulnerable

Highlights

  • WPA2 security protocol has reportedly been compromised
  • The WPA2 vulnerabilities will be detailed at 5:30pm IST
  • Anyone near your router could eavesdrop on Wi-Fi traffic, say researchers

Security researchers claim to have found high-severity vulnerabilities in WPA2 (Wi-Fi Protected Access II), a popular security protocol used by nearly every Wi-Fi device on the planet. The vulnerabilities could potentially allow anyone near your router to eavesdrop on the Wi-Fi traffic being sent through it.

Details have been revealed on a dedicated site called krackattacks.com, named after the proof-of-concept attack called KRACK (Key Reinstallation Attacks). A total of 10 vulnerabilities have been identified, and were discovered by researcher Mathy Vanhoef of imec-DistriNet, KU Leuven.

"If your device supports Wi-Fi, it is most likely affected," Vanhoef writes on the website.

"Concretely, attackers can use this novel [KRACK] attack technique to read information that was previously assumed to be safely encrypted. This can be abused to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos, and so on. The attack works against all modern protected Wi-Fi networks," he adds.

All Wi-Fi Devices Vulnerable to KRACK Attacks: Your 10-Point Cheatsheet In Simple English

The attack essentially targets Wi-Fi clients using WPA2 (nearly every Wi-Fi device out there), and compromises the encryption protocol used for communicating with the router. After this, "any data or information that the victim transmits can be decrypted", Vanhoef notes, adding that event HTTPS communication have been bypassed in the past, so it may not be safe either.

He adds that the "attack is exceptionally devastating against Linux and Android 6.0 or higher", though devices running Apple's mobile and desktop operating system, Windows, OpenBSD etc. are all vulnerable. Note that to protect yourself against attacks, it's Wi-Fi clients like laptops, smartphones, smart home devices, and the likes, will need to install security updates.

"Our main attack is against the 4-way handshake, and does not exploit access points, but instead targets clients. So it might be that your router does not require security updates," Vanhoef notes.

The vulnerabilities have been assigned Common Vulnerabilities and Exposures (CVE) identifiers, specifically: CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13084, CVE-2017-13086,CVE-2017-13087, and CVE-2017-13088. Further details of these vulnerabilities can be found on the aforementioned website, or the National Vulnerability Database of the US Department of Commerce’s NIST website.

For the latest tech news and reviews, follow Gadgets 360 on Twitter, Facebook, and subscribe to our YouTube channel.

Abhinav Lal

You’ll most likely find Abhinav editing news stories, humouring his possibly unhealthy interest in playing Dota 2, and defending where his beliefs lie in the ... More

Xiaomi's Diwali With Mi Sale Offers: Deals, Discounts on Redmi Note 4, Mi Max 2, Redmi 4, and More
Apple Pay With Wallet Apps Integration Could Soon Launch in India: Report
 
 

Advertisement