KRACK Exploit Can Breach Your Wi-Fi Security

The upshot of this research is a reminder that you really should keep the software up-to-date on all your wi-fi connected devices. In the immediate term, patching client devices is the highest priority.

WPA2 is used to secure and protect communications between routers, mobile devices and IoT devices. And all major operating systems are vulnerable to at least one form of the KRACK attack.

According to Google statistics, released in May this year, there are now more than two billion monthly active Android devices in use around the world.

Conventional wisdom has long held that locking down your router with WPA2 encryption protocol would protect your data from snooping. This allows them to manipulate messages between the WiFi router and the device.

The WPA2 handshake design permits for the possibility of a dropped packet during handshake.

Linux's wpa_supplicant v2.6 is also vulnerable to the installation of an all-zero encryption key in the 4-way handshake. While the nonce is meant to prevent replay attacks, in this case, attackers are then given the opportunity to replay, decrypt, or forge packets.

However, any web traffic that was not encrypted would be easily visible to the attacker - including traffic within local Wi-Fi networks.

Of note, this attack does not allow attackers to recover the network password.

The researchers are now moving on to ponder whether other protocol implementations are also vulnerable to key reinstallation attacks.

Vanhoef will be presenting the research behind the attack at the Computer and Communications Security Conference and the Black Hat Europe conference.

Indians Take Control Over Yankees
Francisco Lindor's grand slam off the right-field foul pole on a 1-0 hanging breaking ball by Chad Green that made it 8-7 Yankees. Encarnacion writhed in pain in the infield dirt before being helped off the field by Cleveland's training staff.

"We are not in a position to determine if this vulnerability has been (or is being) actively exploited in the wild", Mr Vanhoef wrote.

"If your device supports Wi-Fi, it is most likely affected", the researchers said.

Hackers must be near your device to use this attack.

As Vanhoef demonstrates, KRACK seems particularly troublesome for Android and Linux OS's but he also clearly states in his discovery on his website, "if your device supports Wi-Fi, it is most likely affected".

As a proof-of-concept, Vanhoef has published a demonstration of how a key reinstallation attack might be carried out against an Android smartphone.

It seems like a coding error is making is so easy for hackers to access an Android device. And as if that wasn't enough, legacy devices that still use the previous-generation WPA1 standard are affected as well. At press time, a patched wpk_supplicant is in testing for Fedora, though no patch has yet been introduced for Ubuntu.

KRACK could be most devastating to IoT devices - especially in the healthcare sector - as many vendors and healthcare organizations fail to make timely patches.

To exploit a network, attackers first clone the MAC address of the network and set up a duplicate of it on a different wireless channel. Once a patch is available for your router, you should update the firmware without delay.

Back in 2005, a hacker penetrated the Wi-Fi network of U.S. retailer TJX to complete what was then the world's biggest-known theft of credit card numbers.


Popular
  • Big Takeaways: Myles Garrett makes presence felt on very 1st snap

    Big Takeaways: Myles Garrett makes presence felt on very 1st snap

    The Jets are unexpectedly riding a two-game winning streak as they head to Cleveland for a matchup with the winless Browns . Thankfully, Jets K Chandler Catanzaro was able to drill a 41 yard FG with 28 seconds left in OT to give them the victory.
    Argentina draw a blank

    Argentina draw a blank

    Only four South American teams will qualify automatically for the finals, with the fifth-placed side forced into a play-off. He was pretty scathing of the organisation, supporting the earlier view of Messi , who has called it a " disaster ".
    German Election: Anti-AfD Protests Erupt In Berlin

    German Election: Anti-AfD Protests Erupt In Berlin

    The unprecedented victory of the AfD and its presence in the German parliament will undoubtedly have important implications. Schulz's SPD was down to 20.5 percent, but still managed to remain the second party after the conservatives.
  • Republic of Ireland's Martin O'Neill 'not bothered' by Wales being favourites

    Music or no music, what promises to be a full-blooded, winner-takes-all encounter is likely to have an extremely raucous soundtrack.
    NRA May Crack Down On 'Bump Stocks' After Vegas Massacre

    NRA May Crack Down On 'Bump Stocks' After Vegas Massacre

    Presidential spokeswoman Sarah Huckabee Sanders told reporters Thursday that "we're certainly open to having that conversation". What is a bump stock, how does it work and is it legal? "I think they're all just responding emotionally to the massacre".
    San Francisco 49ers: 3 Takeaways vs

    San Francisco 49ers: 3 Takeaways vs

    Unfortunately, this means they're also a team that just isn't fun to watch. "We just got to clean, get better and better". Recent polls have shown most of those surveyed somewhat or strongly disapprove of the take-a-knee protests.
  • With Christian Pulisic Driving, United States Steers Closer to World Cup

    Honduras (2-2-3) also remains in the running despite a awful goal differential, the first tiebreaker. Friday night's contest against Panama is absolutely huge regarding whether or not the team gets in.

    Nick Folk has total meltdown vs. Patriots, and Twitter hilariously reacts

    Oh, and I guess we should probably find a guy who can give us three points when we need to have three points on the board. Best breakup: Jonathan Jones deflected the final pass of the game that could have given the Bucs the last-second win.
    Gray To Start Game 1 Against Indians, Sabathia For Game 2

    Gray To Start Game 1 Against Indians, Sabathia For Game 2

    With a rotation featuring Carlos Carrasco, Trevor Bauer and likely Cy Young victor Corey Kluber , the Indians don't have to be. They were unstoppable down the stretch, reeling off an AL-record 22 consecutive wins, baseball's longest streak in 101 years.
  • Alabama's offense sputters against Texas A&M

    Alabama's offense sputters against Texas A&M

    Saban said the Aggies (4-1, 2-0) are the strongest all-around team the Tide has faced so far this season. He already has a 100-yard kick return this season and leads the Aggies in receiving once again.
    Red Sox infielder carried off the field by manager John Farrell

    Red Sox infielder carried off the field by manager John Farrell

    The Red Sox starting pitching is much better and their lineup is much more playoff tested, so I'm going with the upset here. Boston's ace had an incredible season, but his playoff inexperience was obvious Thursday afternoon in Houston .
    Rams' Greatest Show 2.0 outshines America's Team 35-30

    Rams' Greatest Show 2.0 outshines America's Team 35-30

    Prescott earlier had a 10-yard scoring run that ended with a flip at the goal line as he tried to dive past three defenders. In a game where the Dallas dominated the first half, 30 points weren't enough as the Cowboys fell to the Rams 35-30 Sunday.

CONNECT