Wi-Fi WPA2 Security Vulnerable to KRACK Attacks

By | October 16, 2017

Is Your Wifi Hacked or more importantly Kracked?

Researchers have said, every modern Wi-Fi network, and every device that has connected to one, could potentially have been hacked
after a huge breach.Security researchers claim to have found high-severity vulnerabilities in WPA2 (Wi-Fi Protected Access II), a popular security protocol used by nearly every Wi-Fi device on the planet. The vulnerabilities could potentially allow anyone near your router to eavesdrop on the Wi-Fi traffic being sent through it.

Details have been revealed on a dedicated site called krackattacks.com, named after the proof-of-concept attack called KRACK (Key Reinstallation Attacks). A total of 10 vulnerabilities have been identified, and were discovered by researcher Mathy Vanhoef of imec-DistriNet, KU Leuven.

If the breach – known as Krack – is used, then it can give access to almost everything that has been sent over the network. Any device that used that same network could potentially have been hit by the problem.

“This can be abused to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos, and so on,” wrote security researcher Mathy Vanhoef, whose work was noted by the US government. “The attack works against all modern protected Wi-Fi networks.”

Mr Vanhoef also noted that almost every modern computer, phone and even fridge could be hit by the attack. “Note that if your device supports Wi-Fi, it is most likely affected,” he wrote on a page devoted to the vulnerability.

And almost anything that’s sent over an affected network could be read. Some technologies like HTTPS make it far harder to read what’s being sent over a network – but even that has been “bypassed in a worrying number of situations”, wrote Mr Vanhoef.

The vulnerabilities have been assigned Common Vulnerabilities and Exposures (CVE) identifiers, specifically: CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13084, CVE-2017-13086,CVE-2017-13087, and CVE-2017-13088. Further details of these vulnerabilities can be found on the aforementioned website, or the National Vulnerability Database of the US Department of Commerce’s NIST website.

Mr Vanhoef has requested all major manufacturer’s to release update for same at earliest. If you have router from major brand check for the update from their site or you can see default way to upgrade firmware at this link : How to Upgrade Your Wireless Router’s Firmware

Leave a Reply

Your email address will not be published. Required fields are marked *