krack-attack-wpa2-wifi

TIME

A recently discovered vulnerability could allow attackers to intercept sensitive data being transmitted between a Wi-Fi access point and a computer or mobile device, even if that data is encrypted. The flaw, known as KRACK, affects WPA2, a security protocol widely used in most modern Wi-Fi devices. In some cases, a hacker could exploit KRACK to inject malware such as ransomware into websites, according to KU Leuven's Mathy Vanhoef, the researcher who discovered the vulnerability. Vanhoef's findings were reported by tech site Ars Technica early Monday morning. Here's an overview of what to know about the vulnerability, and how you can protect your devices.


KRACK Wi-Fi attack threatens all networks: How to stay safe and what you need to know

PCWorld

A devastating flaw in Wi-Fi's WPA security protocol makes it possible for attackers to eavesdrop on your data when you connect to Wi-Fi. Dubbed KRACK, the issue affects the Wi-Fi protocol itself--not specific products or implementations--and "works against all modern protected Wi-Fi networks," according to Mathy Vanhoef, the researcher that discovered it. That means that if your device uses Wi-Fi, KRACK likely impacts it. Read on for what you need to know about the KRACK Wi-Fi vulnerability, from how it works to how to best protect yourself against it. KRACK (short for, uh, Key Reinstallation AttaCK) targets the third step in a four-way authentication "handshake" performed when your Wi-Fi client device attempts to connect to a protected Wi-Fi network.


WPA2 security flaw puts almost every Wi-Fi device at risk of eavesdropping

ZDNet

A security protocol at the heart of most modern Wi-Fi devices, including computers, phones, and routers, has been broken, putting almost every wireless-enabled device at risk of attack. The bug, known as "KRACK" for Key Reinstallation Attack, exposes a fundamental flaw in WPA2, a common protocol used in securing most modern wireless networks. Mathy Vanhoef, a computer security academic, who found the flaw, said the weakness lies in the protocol's four-way handshake, which securely allows new devices with a pre-shared password to join the network. That weakness can, at its worst, allow an attacker to decrypt network traffic from a WPA2-enabled device, hijack connections, and inject content into the traffic stream.


Wi-fi security flaw 'puts devices at risk of hacks'

BBC News

The wi-fi connections of businesses and homes around the world are at risk, according to researchers who have revealed a major flaw dubbed Krack. It concerns an authentication system which is widely used to secure wireless connections. Experts said it could leave "the majority" of connections at risk until they are patched. The researchers added the attack method was "exceptionally devastating" for Android 6.0 or above and Linux. A Google spokesperson said: "We're aware of the issue, and we will be patching any affected devices in the coming weeks."


Here is every patch for KRACK Wi-Fi attack available right now

ZDNet

Monday morning was not a great time to be an IT admin, with the public release of a bug that effectively broke WPA2 wireless security. Security experts have said the bug is a total breakdown of the WPA2 security protocol. The security protocol, an upgrade from WEP, is used to protect and secure communications between everything from our routers, mobile devices, and Internet of Things (IoT) devices, but there is an issue in the system's four-way handshake that permits devices with a pre-shared password to join a network. According to security researcher and academic Mathy Vanhoef, who discovered the flaw, threat actors can leverage the vulnerability to decrypt traffic, hijack connections, perform man-in-the-middle attacks, and eavesdrop on communication sent from a WPA2-enabled device. US-CERT has known of the bug for some months and informed vendors ahead of the public disclosure to give them time to prepare patches and prevent the vulnerability from being exploited in the wild -- of which there are no current reports of this bug being harnessed by cyberattackers.