‘KRACK’ security issue affects all modern Wi-Fi networks
Research regarding a serious Wi-Fi vulnerability was recently disclosed online. It taps on the issue apparently affecting all modern Wi-Fi security protocols, something that allows attackers to access sensitive information.
Researchers posted the study on a website called “Krackattacks.” The security vulnerability could be exploited through the use of key reinstallation attacks or “KRACKs.”
Wi-Fi security protocols like WPA2 send data in a secure encrypted stream between devices. Smartphones and other gadgets joined in a Wi-Fi network each have an encryption key to read the encrypted data. These keys are like passwords used by devices to see what each sends to one another. They are different from the passwords that users input to join an existing Wi-Fi network.
A KRACK works by replacing the encryption key of a Wi-Fi network into something a hacker knows about. A good example would be setting the encryption key to all zeros. Doing so allows an attacker to intercept all the data being transmitted and received along the Wi-Fi network. Data from smartphones, laptops and other wireless devices become an open book to any attacker looking for sensitive information to exploit. Android and Linux devices appear to be most vulnerable.
Watch the proof-of-concept video below to see how a KRACK can be executed.
The researchers advised to temporarily avoid public Wi-Fi hotspots and stay on HTTPS websites until companies release software patches to fix the vulnerability in their respective devices.
Windows and macOS devices are also vulnerable to KRACK. As such, Microsoft announced that a patch had already been rolled out with the October 10 Windows update.
A statement from the company, released via The Verge, said it “withheld disclosure until other vendors could develop and release updates.”
According to Engadget, Apple already applied a fix for this vulnerability in the beta versions of macOS, iOS, tvOS and watchOS. Users may expect the full version software updates to be released within October.
Google also plans to release a security update for Android phones by Nov. 6. JB
Subscribe to INQUIRER PLUS to get access to The Philippine Daily Inquirer & other 70+ titles, share up to 5 gadgets, listen to the news, download as early as 4am & share articles on social media. Call 896 6000.