WPA2 security flaw risks every Wi-Fi device to hijack and eavesdropping

A security protocol at the heart of most modern Wi-Fi devices, including computers, phones, and routers, has been broken, putting almost every wireless-enabled device at risk of attack.

The bug, known as “KRACK” for Key Reinstallation Attack, exposes a fundamental flaw in WPA2, a common protocol used in securing most modern wireless networks. Mathy Vanhoef, a computer security academic, who found the flaw, said the weakness lies in the protocol’s four-way handshake, which securely allows new devices with a pre-shared password to join the network.

That weakness can, at its worst, allow an attacker to decrypt network traffic from a WPA2-enabled device, hijack connections, and inject content into the traffic stream.

In other words: This flaw, if exploited, gives an attacker a skeleton key to access any WPA2 network without a password. Once they’re in, they can eavesdrop on your network traffic.

The bug represents a complete breakdown of the WPA2 protocol, for both personal and enterprise devices — putting every supported device at risk.

“If your device supports Wi-Fi, it is most likely affected,” said Vanhoef, on his website.

But because Vanhoef hasn’t released any proof-of-concept exploit code, there’s little risk of immediate or widespread attacks.

News of the vulnerability was later confirmed on Monday by US Homeland Security’s cyber-emergency unit US-CERT

Read more

Subscribe to Blog via Email

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Join 850 other subscribers

About

Leave a Reply