Goto

Collaborating Authors

KRACK Vulnerability Impacts Secure Wi-Fi Standard, Leaving Millions of Devices Exposed

WIRED

When you set up a new Wi-Fi network, you're probably conditioned by now to check the "WPA2" box. You may not specifically know when or why someone advised you to do this, but it was solid advice. Wi-Fi Protected Access 2 is the current industry standard that encrypts traffic on Wi-Fi networks to thwart eavesdroppers. And since it's been the secure option since 2004, WPA2 networks are absolutely everywhere.


KRACK Wi-Fi attack threatens all networks: How to stay safe and what you need to know

PCWorld

A devastating flaw in Wi-Fi's WPA security protocol makes it possible for attackers to eavesdrop on your data when you connect to Wi-Fi. Dubbed KRACK, the issue affects the Wi-Fi protocol itself--not specific products or implementations--and "works against all modern protected Wi-Fi networks," according to Mathy Vanhoef, the researcher that discovered it. That means that if your device uses Wi-Fi, KRACK likely impacts it. Read on for what you need to know about the KRACK Wi-Fi vulnerability, from how it works to how to best protect yourself against it. KRACK (short for, uh, Key Reinstallation AttaCK) targets the third step in a four-way authentication "handshake" performed when your Wi-Fi client device attempts to connect to a protected Wi-Fi network.


Huge security flaw leaves Wi-Fi devices wide open to hackers

Mashable

There's a hole in Wi-Fi security, and it affects the vast majority of Wi-Fi devices and networks. That very likely means your phone, your home wireless network, your wireless network at work -- everything. Belgian security researcher Mathy Vanhoef from the imec-DistriNet research group at the KU Leuven university has discovered a vulnerability in the WPA2 security protocol, used by nearly every Wi-Fi device out there. It allows an attacker to remotely extract decrypted data from a protected Wi-Fi network without knowing the password. SEE ALSO: Equifax may have been hacked again and it's not even funny anymore Called KRACK, the attack does not actually recover the victim's Wi-Fi password.


Update Every Device -- This KRACK Hack Kills Your Wi-Fi Privacy

@machinelearnbot

Android devices are said to be particularly vulnerable to a novel new Wi-Fi attack that has a widespread impact. It's time to get patching again. Another widespread vulnerability affecting practically everyone and everything that uses Wi-Fi was revealed on Monday, allowing hackers to decrypt and potentially look at everything people are doing online. Researcher Mathy Vanhoef, from Belgian university KU Leuven, released information on his hack, dubbing it KRACK, for Key Reinstallation Attack. Vanhoef's description of the bug on his KRACK website is startling: "This can be abused to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos, and so on.


Wi-fi security flaw 'puts devices at risk of hacks'

BBC News

The wi-fi connections of businesses and homes around the world are at risk, according to researchers who have revealed a major flaw dubbed Krack. It concerns an authentication system which is widely used to secure wireless connections. Experts said it could leave "the majority" of connections at risk until they are patched. The researchers added the attack method was "exceptionally devastating" for Android 6.0 or above and Linux. A Google spokesperson said: "We're aware of the issue, and we will be patching any affected devices in the coming weeks."