October 20, 2017

What Is KRACK in Wi-Fi Security, and How to Avoid the Attacks

A security researcher recently showed that WPA2, the most secure protocol used in all modern Wi-Fi devices, is vulnerable to attack and can be easily hacked. The attack, named KRACK (short for “Key Reinstallation Attack”), can be used to steal sensitive encrypted information such as credit card numbers, passwords, chat messages and photos from any Wi-Fi enabled device.


What is KRACK?

Mathy Vanhoef, a security researcher, has discovered serious vulnerabilities in WPA2, the security protocol used in all modern protected Wi-Fi networks. KRACK works against the four-way handshake used for secure authentication. Because the four-way handshake is initiated whenever a user joins the wireless network, the network is vulnerable to attack. Apart from stealing sensitive information, attackers can also manipulate and inject data.

“This attack abuses design or implementation flaws in cryptographic protocols to reinstall an already-in-use key,” says Vanhoef, the researcher who discovered the issue. “This resets the key’s associated parameters such as transmit nonces and receive replay counters. Several types of cryptographic Wi-Fi handshakes are affected by the attack.”
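The reset described in the quote, as an added example (not code from the original article or from any vendor): a simplified Python model of a client that zeroes its transmit nonce when an already-in-use key is installed again, next to a variant that skips the reinstall. The `Client` class, its fields and the sample key are hypothetical names chosen for illustration.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Set, Tuple

SESSION_KEY = b"constructed-demo-key"  # constructed sample value, not a real key


@dataclass
class Client:
    """Simplified, hypothetical model of a client's pairwise-key state."""
    hardened: bool
    key: Optional[bytes] = None
    tx_nonce: int = 0       # transmit nonce (packet number)
    rx_replay: int = 0      # receive replay counter
    seen: Set[Tuple[bytes, int]] = field(default_factory=set)
    reused: List[int] = field(default_factory=list)

    def on_message3(self, key: bytes) -> None:
        """Handle handshake message 3, which may be a retransmission."""
        if self.hardened and key == self.key:
            return  # already in use: keep the counters, do not reinstall
        self.key = key
        self.tx_nonce = 0   # installing a key resets its parameters
        self.rx_replay = 0

    def send_frame(self) -> int:
        """Encrypt one frame: every (key, nonce) pair must be used only once."""
        self.tx_nonce += 1
        pair = (self.key, self.tx_nonce)
        if pair in self.seen:
            self.reused.append(self.tx_nonce)
        self.seen.add(pair)
        return self.tx_nonce


def nonces_reused_after_retransmit(hardened: bool) -> List[int]:
    """Join, send 3 frames, receive message 3 again, send 2 more frames."""
    client = Client(hardened=hardened)
    client.on_message3(SESSION_KEY)
    for _ in range(3):
        client.send_frame()
    client.on_message3(SESSION_KEY)   # same key delivered a second time
    for _ in range(2):
        client.send_frame()
    return client.reused


if __name__ == "__main__":
    print("without check:", nonces_reused_after_retransmit(False))
    print("with check:   ", nonces_reused_after_retransmit(True))
```

Without the check, the frames sent after the second message 3 repeat nonces already used under the same key; with it, the counter keeps increasing and no pair repeats.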

Which devices are vulnerable?

The devices vulnerable to key reinstallation attacks (KRACK) are Wi-Fi enabled devices such as smartphones, laptops, smart-home devices and any other device that can connect to a Wi-Fi router. Wi-Fi devices from every company are vulnerable: Apple, Android, Linux, Windows and OpenBSD are all affected. The weaknesses are in the Wi-Fi standard itself, and not in individual products or implementations. This means any correct implementation of WPA2 is likely affected. To prevent the attack, users must update affected products as soon as security updates become available.

How to avoid the KRACK attacks?

To prevent the attack, users must install security updates on their devices as soon as they become available.

Microsoft has already released an update addressing the security issue. The company stated:

“Microsoft released security updates on October 10th and customers who have Windows Update enabled and applied the security updates are protected automatically. We updated to protect customers as soon as possible, but as a responsible industry partner, we withheld disclosure until other vendors could develop and release updates.”

According to iMore’s Rene Ritchie, Apple has fixed some serious vulnerabilities in the WPA2 Wi-Fi standard. Google said that it is aware of the issue and will fix the problem by releasing patches in the upcoming weeks. Intel has released a security advisory, which includes a list of updated Wi-Fi drivers and patches for updated chipsets. Netgear has also released fixes for some of its routers.

Have you secured your device with the security updates yet? Share your views in the comments below!
