WPA2 Flaw Means Almost Every Phone, PC and Router Is At Risk

A hacker would have to be physically near the same router as you to gain access to your device.

The vulnerabilities can be exploited by "key reinstallation attacks", or KRACKs, as they are called by Mathy Vanhoef, the researcher from Netherlands university KU Leuven who discovered the WPA2 flaws. Identified as the "Key Reinstallation Attacks", or Krack Attacks, the security flaws were found to be in the actual WiFi standard, not individual products. "Together with other researchers, we hope to organize workshop(s) to improve and verify the correctness of security protocol implementations".

What that means is the vulnerability potentially impacts a wide range of devices including those running operating systems from Android, Apple, Linux, OpenBSD and Windows. It has contacted around a hundred concerned organizations in order to issue a warning about the threat. It affects WPA2, a protocol used to secure Wi-Fi networks. A detailed research paper is available now for those interested in some dense reading.

The good news is that a hacker has to be nearby to carry out an attack that takes advantage of this problem. The new attack works by injecting a forged message 1, with the same ANonce as used in the original message 1, before forwarding the retransmitted message 3 to the victim.

The encryption key can be resent multiple times during step three of the four-way handshake, and if attackers collect and replay those retransmissions in particular ways, Wi-Fi security encryption can be broken.

Is it time to panic?

Fortunately, the attacker would need to be in close proximity to you in order to pull off an attack. The fact that remote attacks are not possible will necessarily limit the amount of damage that a malicious entity can do.

It is not only users' online records that are at risk: hackers could also watch online transactions, including bank or credit card details.

Connections protected by a VPN are secure.

Researchers who discovered the flaw said it has to do with the four-way handshake that creates the key for data traffic encryption.

Cisco: The company is now investigating exactly which products are impacted by KRACK, but says that "multiple Cisco wireless products are affected by these vulnerabilities". In tests, the researchers did not find a single device or software that was entirely immune to KRACK. However, Vanhoef also states that businesses using HTTPS to transmit traffic are still relatively safe from KRACK as the protocol still encrypts data from a browser to a server. After determining that this was a vulnerability of the protocol, not of a vendor-specific implementation, Vanhoef approached CERT/CC, which in turn notified product vendors on August 28th.

So What Should I Do?

In a statement, Microsoft said, "We have released a security update for all supported versions of Windows". The bottom line: "If your device supports WiFi, it is most likely affected".

Also, the public announcement about this security weakness was held for weeks in order to give Wi-Fi hardware vendors a chance to produce security updates. If you know one set of data you can figure out the other - that's the best case; some cases are worse than that because you can as good as take over the connection both ways.
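Why a retransmitted message 3 matters, and why knowing one set of data reveals the other, can be shown with a simplified model. This is an added example, not code from the researchers or any vendor: the `Client` class, the HMAC-based keystream (a stand-in for WPA2's real cipher) and all sample frames are constructed for illustration.

```python
import hashlib
import hmac

def keystream(key: bytes, pn: int, length: int) -> bytes:
    # Stand-in for the real cipher: keystream depends only on (key, packet number).
    out, block = b"", 0
    while len(out) < length:
        msg = pn.to_bytes(6, "big") + block.to_bytes(2, "big")
        out += hmac.new(key, msg, hashlib.sha256).digest()
        block += 1
    return out[:length]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

class Client:
    """Toy Wi-Fi client: install_key() models processing handshake message 3."""
    def __init__(self, patched: bool):
        self.patched = patched
        self.key = None
        self.pn = 0

    def install_key(self, key: bytes) -> None:
        if self.patched and self.key is not None and hmac.compare_digest(key, self.key):
            return  # same key already in use: keep the packet number as it is
        self.key = key
        self.pn = 0  # installing a key resets the packet number (the nonce)

    def send(self, plaintext: bytes):
        self.pn += 1
        return self.pn, xor(plaintext, keystream(self.key, self.pn, len(plaintext)))

def run(patched: bool):
    key = hashlib.sha256(b"constructed session key").digest()
    known = b"GET /index.html HTTP/1.1"    # constructed frame with guessable content
    secret = b"password=correct-horse!!"   # constructed frame of the same length
    client = Client(patched)
    client.install_key(key)                # first message 3
    pn1, ct1 = client.send(known)
    client.install_key(key)                # retransmitted message 3
    pn2, ct2 = client.send(secret)
    # With a reused nonce the keystreams cancel: ct1 ^ ct2 == known ^ secret.
    recovered = xor(xor(ct1, ct2), known)
    return pn1 == pn2, recovered == secret

if __name__ == "__main__":
    print("unpatched (nonce reused, secret recovered):", run(False))
    print("patched   (nonce reused, secret recovered):", run(True))
```

The patched branch is the behaviour the security updates aim for: a key that is already in use is not installed again, so the packet number never repeats under that key.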
