View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
October 16, 2017

Hackers exploit security KRACK in wifi – and no device is safe

All you need to know about the significant attack against the WPA2 protocol.

By Tom Ball

No device connected to the internet could be safe from the wrath of hqackers, with researchers discovering a frightening flaw called KRACK.

Detailing the technicalities of the vulnerability, Mathy Vanhoef, the researcher who discovered the flaw, said:

“We discovered serious weaknesses in WPA2, a protocol that secures all modern protected Wi-Fi networks. An attacker within range of a victim can exploit these weaknesses using key reinstallation attacks (KRACKs).

“Concretely, attackers can use this novel attack technique to read information that was previously assumed to be safely encrypted. This can be abused to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos, and so on. The attack works against all modern protected Wi-Fi networks,” warned the researcher from Belgian university, KU Leuven.

Hackers exploit security KRACK in wifi – and no device is safe

“Depending on the network configuration, it is also possible to inject and manipulate data. For example, an attacker might be able to inject ransomware or other malware into websites.”

Android 6.0 and Linux have been considered most vulnerable to KRACK attacks, with nobody able to be confident of security until providers issue patches that tackle the problem.

Content from our partners
Scan and deliver
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester

Causing extreme concern, the U.S. Computer Emergency Readiness Team has come forward with a specific warning pertaining to the flaw.

Tristan Liverpool, Director of Systems Engineering at F5 Networks, said: “This major public vulnerability can affect any Wi-Fi network, including home, office and public connections. Known as Krack, it allows an attacker within range of a Wi-Fi network to inject computer viruses into it – including secured Wi-Fi connections – and read communications like passwords, credit card numbers and photos sent over the internet.

Mr Liverpool has outlined how serious the threat is that we are currently facing, furnishing users with some basic tips to bear in mind so as to be proactive in maintaining security.

–  Cisco CMP vulnerability: everything you need to know
– Russian hackers allegedly steal NSA programs via Kaspersky vulnerability

“How serious is the threat? The attacker must be within range of the Wi-Fi network to exploit it. People also need to be aware of subtle differences to keep their connections safe such as paying attention to the URL. Traffic between HTTPS servers will be safe but unprotected sites start with HTTP. Still, the vulnerability highlights the challenge of defending a ‘perimeter-less’ network.”

Despite the KRACK threat being extremely serious and menacing, Sebastien Jeanquier, Principal Consultant at Context Information Security, provides some reassurance in light of the threat that could make you vulnerable when using your own, home wi-fi connection.

Sebastien Jeanquier, , said: “Although this is a significant attack against the WPA2 protocol and the details of these vulnerabilities have been disclosed, no tooling has been made available thus far, although it is not inconceivable that attackers could create their own tools to perform such an attack. Furthermore, an attacker wishing to target you would need to be within Wi-Fi range of your devices, making this very much a local attack.”

Topics in this article : , ,
Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.