Last minute geek

last minute tech news from around the net

Sunday, Jul 15th

Last update01:00:00 AM

You are here: English CircleID KRACK Attack Can Affect All Modern WiFi Networks, Researchers Have Disclosed

KRACK Attack Can Affect All Modern WiFi Networks, Researchers Have Disclosed

User Rating: / 0
PoorBest 

As a proof-of-concept researchers executed a key reinstallation attack against an Android smartphone demostrating how the attacker is able to decrypt all data that the victim transmits.

Security researchers Mathy Vanhoef and Frank Piessens have detected a major vulnerability in the WPA2 protocol that secures all protected Wi-Fi networks. Details of the exploit named KRACK were published today depicting how the weakness can be exploited by attackers to steal sensitive information like passwords or credit card numbers. "We discovered serious weaknesses in WPA2, a protocol that secures all modern protected Wi-Fi networks," writes Vanhoef. He adds:

"An attacker within range of a victim can exploit these weaknesses using key reinstallation attacks (KRACKs). Concretely, attackers can use this novel attack technique to read information that was previously assumed to be safely encrypted. This can be abused to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos, and so on. The attack works against all modern protected Wi-Fi networks. Depending on the network configuration, it is also possible to inject and manipulate data. For example, an attacker might be able to inject ransomware or other malware into websites. The weaknesses are in the Wi-Fi standard itself, and not in individual products or implementations. Therefore, any correct implementation of WPA2 is likely affected. ... Note that if your device supports Wi-Fi, it is most likely affected.

But don't panic, says Steven Bellovin: "Encryption flaws are sexy and get academics very excited, but they're rarely particularly serious for most people. That's very true here. In fact, at a guess, the most widespread problem, with WiFi, will have fewer serious consequences than the RSA problem."

Follow CircleID on Twitter

More under: Cyberattack, Cybersecurity


Read all
Comment Policy:
We pre-moderate any comments and welcome all kinds of thoughts, supportive, dissenting, critical or otherwise. We delete or censor comments that are:

* abusive
* off-topic
* contain personal attacks, or against any company or organization
* promote hate of any kind
* use excessively foul language
* is blatantly spam or advertising

We do not discriminate based on the person who is posting, and we never censor comments for political or ideological reasons. We never delete an appropriate comment because we disagree with its viewpoint or ideology, and we never publish an inappropriate comment because we agree with or support its viewpoint or ideology.


Attention spammers: we manually approve all comments. Spamming and blatant advertising will NOT be published on this site and is deleted immediately, you've been warned, do not waste your time here.

Add comment

Security code
Refresh