KRACK Attack: 41% of Android Devices Affected And Easy To Hack


The U.S. Department of Homeland Security issued a warning Monday morning on a fundamental operation flaw in the Wi-Fi Protected Access II (WPA2) protocol, which is created to secure all modern protected Wi-Fi networks. Unlike in past when older WiFi security protocols have been compromised, there is nothing to replace WPA2.

"Note that if your device supports Wi-Fi, it is most likely affected", he said. The attack, however, was "exceptionally devastating" for devices that run Android 6.0, he says.

The flaw, know as Krack, uses a weakness in the WPA2 protocol, which is used to secure all modern Wi-Fi systems. Because it copies the whole router, they can't see passwords, but they can see data. For example, a message sent from your phone to a network could be played, or video that your security camera sent to network could be played and all modems are affected.

Mr Liverpool has outlined how serious the threat is that we are now facing, furnishing users with some basic tips to bear in mind so as to be proactive in maintaining security.

"Despite this, however, the ability to decrypt Wi-Fi traffic could still reveal unique device identifiers (MAC addresses) and massive amounts of metadata (websites visited, traffic timing, patterns, amount of data exchanged etc.) which may well violate the privacy of the users on the network and provide valuable intelligence to whoever's sitting in the black van".

An attacker in range of a target's device can exploit weaknesses in WPA2 using key reinstallation attacks (KRACKs), which allows them to view data that's meant to be encrypted.

More news: Samsung CEO to resign despite record Q3 earnings

If you discover from browsing the CERT advisory that there is an update available or your computer, wireless device or access point, take care to read and understand the instructions on updating those devices before you update.

A security researcher has gone public with more information about a serious flaw in the WPA2 security protocol that blows the security of wireless networking wide open. In some cases, "an attacker might be able to inject ransomware or other malware into websites", Vanhoef explained.

The hack attack is called "Krack".

In order to patch these vulnerabilities, you need to wait for the firmware updates from your device vendors.

United States Computer Emergency Readiness Team (CERT) issued a warning on Monday that encouraged all Wi-Fi users to install updates when available. This could involve passwords, credit card numbers, photos and messages sent over a network to be stolen, or cyber attacks to be inserted into the traffic. Quick on the uptake is Microsoft who has been reported to have already patched supported versions of Windows for devices who have automatic updates enabled.

As I've previously written, the padlock indicates that traffic to and from a site is encrypted - via the HTTPS protocol- which basically means no one but that site can read any sensitive information you share. Simply changing Wi-Fi network passwords is not going to help. Also, a security update on either side of the handshake communication can ensure that keys are not reused.