Image: Courtesy www.simplilearn.com
By: Tina Tyler/www.tinaontech.com.
Image your Wi-Fi signal being lured down a dark and seedy connection by a code that promises higher speeds and quick hits. This newly discovered vulnerability in WPA2, a fundamental security protocolmeant to protect Wi-Fi networks, can invade ANY device that utilizes a wireless interface. The bug is known as KRACK, Key Reinstallation Attack, and works against all modern protected Wi-Fi networks. It allows hacker to inject ransomware or malware and can also provide hackers with sensitive personal information such as credit card numbers or PINs and passwords. But like obtaining a drug, the hacker-pusher must be within 2 – 8 miles of your Wi-Fi signal.
In a key reinstallation attack, the “pusher” tricks the user into reinstalling an already-in-use key. When the user reinstalls the key, associated parameters such as incremental transmit packet number (i.e.nonce) and receive packet number (i.e. replay counter) are reset. The “pusher” can then manipulate this cryptographic handshake and exploit accordingly. Thus, the “pusher” has a line in the vein of your mobile device, laptop, or other Wi-Fi enabled device. And, consequently, can manipulate the device and extract information to their desired result. You’ve been hacked!
Now, before you turn off your Wi-Fi or sift through recent updates for a patch, the Wi-Fi_Alliance a non-profit organization which certifies that Wi-Fi devices conform to certain standards of interoperability and assures that Wi-Fi products from different vendors work well together, is on the case! The plan will help correct identified WPA2 weaknesses and provide a vulnerability protection tool for users to download. You can also employ other preventative measures now such as not re-entering passwords or other highly sensitive data, and regularly updating Wi-Fi devices and router firmware. Here is a list of current patches that will work today!
Big ups to a Belgian researcher for getting us hip to this trick. Post-doctoral researcher Mathy Vanhoef , first encountered the flaw while examining data for another paper! Unlike a drug dealer exposed by complex surveillance or crafty sting operations, he discovered KRACK quite by happenstance. He and other researchers went on to present their findings at the Computer and Communications Security(CCS) conference onNovember 1, 2017 and are at the forefront of creating solutions.
Remember KRACK, can infect any device using Wi-Fi and the hacker-pushers can manipulate their victims to perilous ends. So, before your phone or bank account needs treatment, stay frosty and update all devices often!
About the author:
Tina Tyler is a veteran TV news anchor/reporter. Tyler currently hosts a weekly half-hour TV show, Tina On Tech and radio show of the same name. She is also Editor-in-Chief of the popular website Tina On Tech where she writes a daily column on technology news, products, digital culture and entertainment. Tyler is a member of the Society of Professional Journalists and National Association of Television Arts & Sciences. Follow her on Facebook and Twitter.
