Severe WPA2 Vulnerability Compromises Wi-Fi Security

Marlene Weaver
October 18, 2017

The threat starts from the Wi-Fi router that you own, and can easily spread to phones, tablets and other computing devices that you may use. "For example, an attacker might be able to inject ransomware or other malware into websites". "We agree that some of the attack scenarios in the paper are rather impractical, do not let this fool you into believing key reinstallation attacks can not be abused in practice", says Vanhoef, who has authored a 16-page academic paper on the vulnerability along with Piessens. Any device that is connected to a Wi-Fi network is at risk for an attack if the hacker is within range of the victim.

A severe security flaw has put at risk all data transmitted over Wi-Fi all over the world.

Android 6.0 and above, along with many Linux variants, use a newer version of the wpa_supplicant application that is the vector for this variation of the attack. The United States Computer Emergency Readiness Team, a part of the Department of Homeland Security, confirmed the WPA2 vulnerability for Wi-Fi networks, after Mathy Vanhoef, security expert at Belgian university KU Leuven, discovered the flaw in wireless security. Microsoft issued a patch for the vulnerability in its October security release, and technology analyst Rene Ritchie reported in a tweet that Apple had patched the flaw in the latest beta versions of iOS, tvOS, watchOS and macOS.

"Depending on the network configuration, it is also possible to inject and manipulate data", the researchers continued.

Indeed, many companies are now developing security patches, which you should immediately download as soon as they're available.

"Attackers can use this novel attack technique to read information that was previously assumed to be safely encrypted".

The group says the problem can be resolved through straightforward software updates.

Since the researcher claimed that most Wi-Fi supporting devices could be affected by the KRACK attacks, different tech giants reportedly came up with their own solutions to prevent their products from such occurrences.

In the meantime, avoid connecting to public Wi-Fi networks. The ideal solution right now would be to unhook these devices from the Wi-Fi network, and check with the manufacturer for KRACK patches. All you can do is wait for security updates for your devices.

This padlock will appear on all HTTPS sites.

Your password-protected Wi-Fi connection could be vulnerable to trespassing.

Other reports by Insurance News

Discuss This Article