Researchers discover vulnerability affecting Wi-Fi security

Researchers discover vulnerability affecting Wi-Fi security

Experts have long said that the best way for most users to secure a connection to a Wi-Fi hotspot is to use an encryption type known as WPA2.

Tristan Liverpool, Director of Systems Engineering at F5 Networks, said: "This major public vulnerability can affect any Wi-Fi network, including home, office and public connections. Additionally, depending on the device being used and the network setup, it is also possible to decrypt data sent towards the victim (e.g. the content of a website)". Most Wi-Fi-enabled devices and operating systems are affected by this vulnerability to some degree, including Linux, Windows, Android, and iOS, as well as most Wi-Fi routers and access points.

"The attack works against all modern protected Wi-Fi networks", researcher Mathy Vanhoef wrote on a website outlining his findings.

See also: Time to review your economy class Wi-Fi?

He also alerted the Wi-Fi Alliance, which oversees standards for that technology.

"Users must update affected products as soon as security updates become available".

Krack refers to what the researchers call "key reinstallation attacks", or KRACKS. This sleight of hand is achieved by manipulating and replaying cryptographic handshake messages.

Android is particularly at risk from the vulnerability, Vanhoef wrote.

To ensure a keystream that never repeats, the client uses the session key plus a nonce, or "number used once", to encrypt each network frame; the nonce is incremented after each frame so that the keystream is different each time.

No. 1 Alabama visits Aggies after steamrolling 2 SEC teams
In the lead up to the game, Saban had described the Aggies as the best team the Tide would face through the first six contests. The Crimson Tide defense stood its ground there before the Aggies' Daniel LaCamera nailed a career-high 52-yard field goal.

According to ZDNet, both personal and professional devices with WPA2 protocols have been effected.

This means the keystream starts repeating itself - and re-using the keystream in a network encryption cipher of this sort is a big no-no.

A video showing a technical explanation of the attack on YouTube explains how it is "exceptionally devastating" against Android phones, which can be "tricked" into installing an empty encryption key.

As a proof-of-concept, Vanhoef has published a demonstration of how a key reinstallation attack might be carried out against an Android smartphone. Schneier notes, however, that mobile phones may come in handy - it could be possible that using your device on cellular mode may be a workaround, but it's so early in discovering this exploit that we're now unsure.

The WPA2 protocol that secures all modern WiFi networks used by smartphones, routers, laptops and internet-of-things (IoT) devices has been cracked, meaning that all data transmitted over such connections is open to hackers and cybercriminals, research suggests.

However, wireless routers and access points may require a vendor patch to protect against this vulnerability.

Is it as bad as it sounds?

"If you can use a VPN to secure any private or financial traffic, that should secure your data from prying eyes".

A security researcher has determined that almost every WiFi device in the world - your phone, your computer, your router, and on and on - has a flaw in their security protocol that makes them vulnerable to hackers that could hijack them, track your activities, or worse. Frank Piessens of imec-DistriNet, who supervised his research, is credited as joint author of the paper.

United States Computer Emergency Readiness Team (CERT) issued a warning on Monday that encouraged all Wi-Fi users to install updates when available. Firmware updates are expected.