Close

October 23, 2017

All about latest WPA2 Wi-Fi vulnerability: KRACK

wireless security Krack Attack

Someone rightly said “There is nothing completely secure if you are connected to the internet.”

WiFi networks have always provided us with extraordinary benefits when it comes to enjoying all types of content on the internet. But recently, a group of hackers has found a way to violate the security of one of the strongest authentication protocols to date: WPA2.

Even if you don’t know it, you are usually using the WPA2 protocol. Yes, every time you connect a new device to your home Wi-Fi network or connect to a friend’s Wi-Fi from your mobile, you’re usually using the famous WPA2 protocol. Without a doubt, it is one of the most important wireless security improvements to this day.

However, researchers at the University of Leuven in Belgium rang the alarm bell: the password that protects from snooping Wi-Fi networks around the world is not at all safe.

The commonly used security standard WPA2 appears to be easy to crack. This is a very serious security and privacy risk to businesses and consumers alike.


What is WPA2?

Let’s start by talking about WPA2. Its acronym comes from Wi-Fi Protected Access 2. And as its name indicates, it is a protocol focused on securing your wireless networks.

The WPA2 is also known as a 4-way handshake. This process is performed when a person connects to a wireless network; it is used to confirm that both parties have the correct credentials (password). But with Krack, an outsider can easily access different information as it is sent across the wireless network. This third party can access data such as credit card numbers, chats, photographs or passwords. They do this with the commonly used (and often easily detectable) ‘man in the middle’ attacks.

What is KRACK?

Krack is a vulnerability that affects the Wi-Fi network. It does not get the password but the danger is more serious: it’s able to spy. Recently a new type of cyber attack known as Krack (Key Reinstallation Attack) was discovered.

The new discovery means it’s quite easy for hackers to read the secure information sent via a Wi-Fi network. Now sensitive data like login credentials, financial information or other important files, can easily be in the wrong hands.
The discovery of the Key Reinstallation Attack, as the leak is called, is the work of Mathy Vanhoef. The full paper of his research can be found here. The more general explanation he makes on his website www.krackattacks.com.

What does this mean for our safety?

Such an infringement on the Wi-Fi network is only possible if any attackers are close enough to catch the Wi-Fi signal. However, security experts have also said that it is a very worrying vulnerability. Now that the discovery has been made public, the risks are only increasing because now people (hackers) with bad intentions are widely aware of the existing vulnerability and can use this knowledge for malicious practices.

What can we do?

Unfortunately, almost all modern network devices are vulnerable including Smart TVs, phones, tablets, laptops and your home router and wireless access points. There will be security updates to resolve this vulnerability. So it is now up to hardware manufacturers to come up with appropriate updates quickly to close the vulnerabilities.

In order to ensure the confidentiality and integrity of the data, we strongly advise you make sure you’re using a VPN when on wireless networks and baring that, only browse sites with valid SSL certificates. These can be seen by the https:// at the beginning as opposed to http://

Microsoft and Apple have already released patches for all of their popular devices and Google isn’t far behind with an Android patch. Be sure your systems are up to date.

For more information, check out this video below on the vulnerability;

https://www.youtube.com/watch?v=Oh4WURZoR98