A devastating flaw in Wi-Fi's WPA security protocol makes it possible for attackers to eavesdrop on your data when you connect to Wi-Fi. Dubbed KRACK, the issue affects the Wi-Fi protocol itself--not specific products or implementations--and "works against all modern protected Wi-Fi networks," according to Mathy Vanhoef, the researcher that discovered it. That means that if your device uses Wi-Fi, KRACK likely impacts it. Read on for what you need to know about the KRACK Wi-Fi vulnerability, from how it works to how to best protect yourself against it. KRACK (short for, uh, Key Reinstallation AttaCK) targets the third step in a four-way authentication "handshake" performed when your Wi-Fi client device attempts to connect to a protected Wi-Fi network.
There's a hole in Wi-Fi security, and it affects the vast majority of Wi-Fi devices and networks. That very likely means your phone, your home wireless network, your wireless network at work -- everything. Belgian security researcher Mathy Vanhoef from the imec-DistriNet research group at the KU Leuven university has discovered a vulnerability in the WPA2 security protocol, used by nearly every Wi-Fi device out there. It allows an attacker to remotely extract decrypted data from a protected Wi-Fi network without knowing the password. SEE ALSO: Equifax may have been hacked again and it's not even funny anymore Called KRACK, the attack does not actually recover the victim's Wi-Fi password.
When you set up a new Wi-Fi network, you're probably conditioned by now to check the "WPA2" box. You may not specifically know when or why someone advised you to do this, but it was solid advice. Wi-Fi Protected Access 2 is the current industry standard that encrypts traffic on Wi-Fi networks to thwart eavesdroppers. And since it's been the secure option since 2004, WPA2 networks are absolutely everywhere.
Android devices are said to be particularly vulnerable to a novel new Wi-Fi attack that has a widespread impact. It's time to get patching again. Another widespread vulnerability affecting practically everyone and everything that uses Wi-Fi was revealed on Monday, allowing hackers to decrypt and potentially look at everything people are doing online. Researcher Mathy Vanhoef, from Belgian university KU Leuven, released information on his hack, dubbing it KRACK, for Key Reinstallation Attack. Vanhoef's description of the bug on his KRACK website is startling: "This can be abused to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos, and so on.
A recently discovered vulnerability could allow attackers to intercept sensitive data being transmitted between a Wi-Fi access point and a computer or mobile device, even if that data is encrypted. The flaw, known as KRACK, affects WPA2, a security protocol widely used in most modern Wi-Fi devices. In some cases, a hacker could exploit KRACK to inject malware such as ransomware into websites, according to KU Leuven's Mathy Vanhoef, the researcher who discovered the vulnerability. Vanhoef's findings were reported by tech site Ars Technica early Monday morning. Here's an overview of what to know about the vulnerability, and how you can protect your devices.