
Here is every patch for KRACK Wi-Fi attack available right now


Monday morning was not a great time to be an IT admin, with the public release of a bug that effectively broke WPA2 wireless security. Security experts have said the bug is a total breakdown of the WPA2 security protocol. The security protocol, an upgrade from WEP, is used to protect and secure communications between everything from our routers and mobile devices to Internet of Things (IoT) devices, but there is an issue in the system's four-way handshake, the exchange that permits devices with a pre-shared password to join a network. According to security researcher and academic Mathy Vanhoef, who discovered the flaw, threat actors can leverage the vulnerability to decrypt traffic, hijack connections, perform man-in-the-middle attacks, and eavesdrop on communication sent from a WPA2-enabled device. US-CERT has known of the bug for some months and informed vendors ahead of the public disclosure to give them time to prepare patches and prevent the vulnerability from being exploited in the wild; there are currently no reports of the bug being harnessed by cyberattackers.



A recently discovered vulnerability could allow attackers to intercept sensitive data being transmitted between a Wi-Fi access point and a computer or mobile device, even if that data is encrypted. The flaw, known as KRACK, affects WPA2, a security protocol widely used in most modern Wi-Fi devices. In some cases, a hacker could exploit KRACK to inject malware such as ransomware into websites, according to KU Leuven's Mathy Vanhoef, the researcher who discovered the vulnerability. Vanhoef's findings were reported by tech site Ars Technica early Monday morning. Here's an overview of what to know about the vulnerability, and how you can protect your devices.

KRACK Wi-Fi attack threatens all networks: How to stay safe and what you need to know


A devastating flaw in Wi-Fi's WPA security protocol makes it possible for attackers to eavesdrop on your data when you connect to Wi-Fi. Dubbed KRACK, the issue affects the Wi-Fi protocol itself--not specific products or implementations--and "works against all modern protected Wi-Fi networks," according to Mathy Vanhoef, the researcher who discovered it. That means that if your device uses Wi-Fi, KRACK likely impacts it. Read on for what you need to know about the KRACK Wi-Fi vulnerability, from how it works to how to best protect yourself against it. KRACK (short for, uh, Key Reinstallation AttaCK) targets the third step in a four-way authentication "handshake" performed when your Wi-Fi client device attempts to connect to a protected Wi-Fi network.

Huge security flaw leaves Wi-Fi devices wide open to hackers


There's a hole in Wi-Fi security, and it affects the vast majority of Wi-Fi devices and networks. That very likely means your phone, your home wireless network, your wireless network at work -- everything. Belgian security researcher Mathy Vanhoef from the imec-DistriNet research group at the KU Leuven university has discovered a vulnerability in the WPA2 security protocol, used by nearly every Wi-Fi device out there. It allows an attacker to remotely extract decrypted data from a protected Wi-Fi network without knowing the password. Called KRACK, the attack does not actually recover the victim's Wi-Fi password.

All data that move across Wi-Fi networks could be susceptible to hacking, researcher says

Los Angeles Times

Home and corporate Wi-Fi networks -- and all the data, photos and messages transmitted across them -- could be vulnerable to hackers, according to a computer security researcher in Belgium. The vulnerability is in WPA2, the main protocol that protects Wi-Fi networks. Hackers can use a technique known as key reinstallation attacks, or Krack for short, to intercept information sent over networks that users thought were encrypted, the researcher says. "Nobody has ever found this vulnerability," said Matthew Green, assistant professor of computer science at Johns Hopkins University. WPA2 is the "industry standard" and has been heavily relied upon as the "best level of protection for your information," said Emma Garrison-Alexander, vice dean for cybersecurity and information assurance in the graduate school at the University of Maryland University College.