KRACK is wack for Wi-Fi attack–protocol flaw exposed

What’s being called Black Monday in the security world is the discovery of a fundamental flaw with WPA2 (Wireless Protected Access v2), which secures an estimated 60 percent of the world’s Wi-Fi networks. According to all reports, the WPA2 protocol (the ‘handshake’ between the device and the router) can be manipulated into reusing encryption keys. ‘KRACK’–for Key Reinstallation Attack–threatens any Wi-Fi enabled device and all Wi-Fi networks. It was discovered by researchers at KU Leuven, a university in Flanders, Belgium. 

Threats include attacks on any sensitive information–hackermania potentially running wild. The vulnerability also permits an attacker to inject malicious information–ransomware and malware–into a Wi-Fi network. 

Security firm Varonis narrows the greatest threat down to Android users and devices that implement the WPA2 protocol very strictly. They consider Apple iOS devices and Windows PCs to be mostly (as of now) unaffected “since they don’t strictly implement the WPA2 protocol and key reinstallation.” 

This obviously affects any public networks or lightly protected networks in practices and hospitals. Varonis notes that the attack depends upon being within Wi-Fi range of the target device with the attacker sending forged data to the client. But this is difficult–it requires not only proximity but also access to a specialized networking device and to be able to code the attack manually.

Updates are allegedly on the way from Apple and Google, while Microsoft has already included it in last week’s updates for Windows 7, 8, and 10 (Telegraph). Most vulnerable devices are Android smartphones and tablets, which according to The Verge have an additional variant vulnerability affecting 41 percent of devices–and Android devices are notoriously slow to send out updates. 

Monday also marked a second threat called ROCA, an attack on public key encryption which may weaken authentication of software when installing it. This will be fixed in software updates.

Recommended protection for now, as listed in the Telegraph, is to ensure that all your Wi-Fi access is password-protected and to implement updates on networks. Don’t use public unsecured networks. Shop only on https-protected sites. Computers and devices are issuing firmware and driver updates, and a constantly updated list is published over at the wonderfully-named Bleeping Computer, but your router may not automatically update, so you will have to do some searching and consulting with your internet provider. Also Wordfence (hat tip to Founder Steve) and a second article in The Verge.

Categories: Latest News.