Your home Wi-Fi is easily hackable, allowing attackers to access your passwords, credit card number and other sensitive information. Researchers have discovered a serious vulnerability that could allow attackers to get access to sensitive information transmitted between a Wi-Fi access point and a computer or mobile device, even if the data is encrypted. The fatal flaw, known as KRACK (short for Key Reinstallation Attack), directly affects the WPA2 protocol, a security tool that can be found in most Wi-Fi enabled devices.
Here’s what you need to know about the Key Reinstallation Attack
What is KRACK?
A researcher in Belgium named Mathy Vanhoef, a wireless security expert at KU Leuven, first discovered the issue with the Wi-Fi Protected Access II (WPA2) security tool. KRACK works against the four-way handshake that takes place when a user is joining a wireless local area network. The four-way handshake is meant to provide secure authentication and make it harder for attackers to get in, and it is carried out whenever a user joins a wireless network. This is a bit problematic, considering all modern networks use the four-way handshake system.
“This attack abuses design or implementation flaws in cryptographic protocols to reinstall an already-in-use key”, says Vanhoef, the researcher who discovered the issue. “This resets the key’s associated parameters such as transmit nonces and receive replay counters. Several types of cryptographic Wi-Fi handshakes are affected by the attack”.
According to Vanhoef, major operating systems are vulnerable to the Key Reinstallation Attack, including Android, iOS, Linux, macOS and Windows, but it varies from platform to platform. The most vulnerable platforms are Android and Linux. As a result, currently 31.2 per cent of Android devices are vulnerable to the deadly attack. Researchers were even able to demonstrate the KRACK attack process on an Android-powered smartphone to show how attackers can decrypt encrypted data.
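To see why resetting the transmit nonce matters, here is a small simulation added for illustration (it is not code from Vanhoef or any vendor). The Client class, the SHA-256 based keystream and the sample frames are constructed stand-ins, not the real WPA2 cipher. A client that reinstalls the same key sends two frames under the same nonce, while a client that ignores the repeated install does not.

```python
import hashlib

def keystream(key: bytes, nonce: int, length: int) -> bytes:
    """Toy per-packet keystream from (key, nonce); a stand-in, not the real WPA2 cipher."""
    out, block = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce.to_bytes(8, "big") + block.to_bytes(4, "big")).digest()
        block += 1
    return out[:length]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

class Client:
    """Hypothetical Wi-Fi client; `patched` decides how a repeated key install is handled."""
    def __init__(self, patched: bool):
        self.patched, self.key, self.tx_nonce = patched, None, 0

    def install_key(self, key: bytes) -> None:
        # Called for every handshake message 3, including retransmissions.
        if self.patched and key == self.key:
            return                        # key already in use: keep the nonce counter
        self.key, self.tx_nonce = key, 0  # (re)installation resets the transmit nonce

    def send(self, plaintext: bytes):
        self.tx_nonce += 1
        return self.tx_nonce, xor(plaintext, keystream(self.key, self.tx_nonce, len(plaintext)))

MSG_A = b"constructed frame one"  # constructed sample data, equal lengths
MSG_B = b"constructed frame two"

def run_session(patched: bool):
    client, key = Client(patched), b"constructed-session-key"
    client.install_key(key)
    first = client.send(MSG_A)
    client.install_key(key)               # the same message 3 arrives a second time
    second = client.send(MSG_B)
    return [first, second]

def reused_nonces(frames):
    """Nonces that appear on more than one frame encrypted under the same key."""
    seen, reused = set(), []
    for nonce, _ in frames:
        if nonce in seen:
            reused.append(nonce)
        seen.add(nonce)
    return reused

if __name__ == "__main__":
    for patched in (False, True):
        print("patched" if patched else "unpatched", reused_nonces(run_session(patched)))
```

With the unpatched client both frames use nonce 1, so XORing the two ciphertexts cancels the keystream and leaves the XOR of the two plaintexts. This is why the updates described below matter more than a password change.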
How to protect your devices from KRACK?
The best thing you can do right now is to install the automatic updates available on the device. Don’t rush to change the password just yet. If there are security updates available on the router, now is the time to update the device.
Microsoft has already released a software update to address the issue, as per Windows Central. The company has released a statement on the Key Reinstallation Attack.
“Microsoft released security updates on October 10th and customers who have Windows Update enabled and applied the security updates, are protected automatically. We updated to protect customers as soon as possible, but as a responsible industry partner, we withheld disclosure until other vendors could develop and release updates”.
According to iMore’s Rene Ritchie, Apple has already fixed serious vulnerabilities in the WPA2 Wi-Fi standard. The company says it’s finalizing patches for iOS, watchOS, and macOS that will be available to consumers soon. Google said that it is aware of the issue and will be releasing patches in the coming weeks.
The United States Computer Emergency Readiness Team also issued a warning about the KRACK Wi-Fi attack, according to Ars Technica.
“US-CERT has become aware of several key management vulnerabilities in the 4-way handshake of the Wi-Fi Protected Access II (WPA2) security protocol. The impact of exploiting these vulnerabilities includes decryption, packet replay, TCP connection hijacking, HTTP content injection, and others. Note that as protocol-level issues, most or all correct implementations of the standard will be affected”.
Intel has released a security advisory, which includes a list of updated Wi-Fi drivers and patches for updated chipsets. Meanwhile, Netgear has issued fixes for some of its routers.