No device connected to the internet could be safe from the wrath of hackers, with researchers discovering a frightening flaw called KRACK.
Detailing the technicalities of the vulnerability, Mathy Vanhoef, the researcher who discovered the flaw, said:
“We discovered serious weaknesses in WPA2, a protocol that secures all modern protected Wi-Fi networks. An attacker within range of a victim can exploit these weaknesses using key reinstallation attacks (KRACKs).
“Concretely, attackers can use this novel attack technique to read information that was previously assumed to be safely encrypted. This can be abused to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos, and so on. The attack works against all modern protected Wi-Fi networks,” warned the researcher from Belgian university, KU Leuven.
“Depending on the network configuration, it is also possible to inject and manipulate data. For example, an attacker might be able to inject ransomware or other malware into websites.”
Android 6.0 and Linux have been considered most vulnerable to KRACK attacks, with nobody able to be confident of security until providers issue patches that tackle the problem.
Causing extreme concern, the U.S. Computer Emergency Readiness Team has come forward with a specific warning pertaining to the flaw.
Tristan Liverpool, Director of Systems Engineering at F5 Networks, said: “This major public vulnerability can affect any Wi-Fi network, including home, office and public connections. Known as Krack, it allows an attacker within range of a Wi-Fi network to inject computer viruses into it – including secured Wi-Fi connections – and read communications like passwords, credit card numbers and photos sent over the internet.”
Mr Liverpool has outlined how serious the threat is that we are currently facing, furnishing users with some basic tips to bear in mind so as to be proactive in maintaining security.
“How serious is the threat? The attacker must be within range of the Wi-Fi network to exploit it. People also need to be aware of subtle differences to keep their connections safe such as paying attention to the URL. Traffic between HTTPS servers will be safe but unprotected sites start with HTTP. Still, the vulnerability highlights the challenge of defending a ‘perimeter-less’ network.”
Although the KRACK threat is extremely serious and menacing, Sebastien Jeanquier, Principal Consultant at Context Information Security, offers some reassurance about a threat that could make you vulnerable when using your own home Wi-Fi connection.
Sebastien Jeanquier said: “Although this is a significant attack against the WPA2 protocol and the details of these vulnerabilities have been disclosed, no tooling has been made available thus far, although it is not inconceivable that attackers could create their own tools to perform such an attack. Furthermore, an attacker wishing to target you would need to be within Wi-Fi range of your devices, making this very much a local attack.”
This article is from the CBROnline archive: some formatting and images may not be present.