Goto

Collaborating Authors

Here is every patch for KRACK Wi-Fi attack available right now

ZDNet

Monday morning was not a great time to be an IT admin, with the public release of a bug that effectively broke WPA2 wireless security. Security experts have said the bug is a total breakdown of the WPA2 security protocol. The security protocol, an upgrade from WEP, is used to protect and secure communications between everything from our routers, mobile devices, and Internet of Things (IoT) devices, but there is an issue in the system's four-way handshake that permits devices with a pre-shared password to join a network. According to security researcher and academic Mathy Vanhoef, who discovered the flaw, threat actors can leverage the vulnerability to decrypt traffic, hijack connections, perform man-in-the-middle attacks, and eavesdrop on communication sent from a WPA2-enabled device. US-CERT has known of the bug for some months and informed vendors ahead of the public disclosure to give them time to prepare patches and prevent the vulnerability from being exploited in the wild -- of which there are no current reports of this bug being harnessed by cyberattackers.


WiFi WPA2 Krack Attack, Flaw: Here's How To Stay Safe From Vulnerability

International Business Times

Monday morning brought the startling discovery that Wi-Fi Protected Access 2 (WPA2), a common protocol for securing wireless networks, suffers from a number of vulnerabilities that may expose sensitive information to attackers. Make no mistake, the threat posed by the exploits--dubbed as KRACK, short for Key Reinstallation Attacks, by the researchers who discovered the vulnerabilities--are serious. Just about every device capable of connecting to a wireless network is at risk. But the attacks have limitations and users are not without options to protect themselves. First, it's important to understand how an attack using KRACK could work.


KRACK Wi-Fi attack threatens all networks: How to stay safe and what you need to know

PCWorld

A devastating flaw in Wi-Fi's WPA security protocol makes it possible for attackers to eavesdrop on your data when you connect to Wi-Fi. Dubbed KRACK, the issue affects the Wi-Fi protocol itself--not specific products or implementations--and "works against all modern protected Wi-Fi networks," according to Mathy Vanhoef, the researcher that discovered it. That means that if your device uses Wi-Fi, KRACK likely impacts it. Read on for what you need to know about the KRACK Wi-Fi vulnerability, from how it works to how to best protect yourself against it. KRACK (short for, uh, Key Reinstallation AttaCK) targets the third step in a four-way authentication "handshake" performed when your Wi-Fi client device attempts to connect to a protected Wi-Fi network.


KRACK Wi-Fi attacks shouldn't harm updated Windows PCs

PCWorld

The bad news: A severe WPA2 protocol vulnerability dubbed KRACK holds the potential to break Wi-Fi security for virtually all wireless devices or networks, allowing attackers to snoop on your Internet traffic or even inject malicious code into websites you visit. The good news: If you're running a Windows PC, you're already safe--at least if you automatically apply new updates. Microsoft quietly released a KRACK-smashing update as part of last week's Patch Tuesday blitz, the company confirmed to Windows Central and other websites. Here is the company's statement: "Microsoft released security updates on October 10th and customers who have Windows Update enabled and applied the security updates, are protected automatically. We updated to protect customers as soon as possible, but as a responsible industry partner, we withheld disclosure until other vendors could develop and release updates."


What the KRACK Wi-Fi vulnerability means for you and your devices

Mashable

So it turns out your Wi-Fi is vulnerable to hackers. A newly released research paper dropped a pretty sizable security bomb: The security protocol protecting most Wi-Fi devices can essentially be bypassed, potentially allowing an attacker to intercept every password, credit-card number, or super-secret cat pic you send over the airwaves. So what, if anything, can you do about all this -- other than go back to the Ethernet cable-laden Dark Ages? First, let's take stock of just how bad things are. Researcher Mathy Vanhoef, who discovered the vulnerability, explains that it allows for an attack that "works against all modern protected Wi-Fi networks."