HACKERS can target almost ANY smart device around the world thanks to a vulnerability in WPA2 Wi-Fi security. Here's everything you should know about this threat.
By DION DASSANAYAKE
PUBLISHED: 09:20, Tue, Oct 17, 2017 | UPDATED: 09:20, Tue, Oct 17, 2017
Apple iOS, Windows, Android and any smart device that uses Wi-Fi are all at risk of an attack, cybersecurity experts have warned today.
The newly discovered KRACK exploit affects the WPA2 security protocol, a standard for Wi-Fi security used on almost every Wi-Fi router.
In theory it allows a hacker within range of a Wi-Fi network to read passwords, credit card numbers and photos sent over the internet.
Other sensitive information that can be obtained thanks to this exploit is chat app messages and e-mails.
The WPA2 Wi-Fi vulnerability has been a closely guarded secret for weeks, with today’s revelations a co-ordinated disclosure.
The terrifying exploit was unearthed by researchers led by Mathy Vanhoef from the Belgian university KU Leuven.
The experts, after discovering the exploit, carried out a “proof-of-concept” attack on an Android smartphone to learn more about the vulnerability.
Vanhoef said the attack would work against “all modern protected Wi-Fi networks” and “if your device supports Wi-Fi, it is most likely affected”.
In the paper on the Krack Attacks website, the researchers said: "All protected Wi-Fi networks use the four-way handshake to generate a fresh session key and so far this 14-year-old handshake has remained free from attack.
"Every Wi-Fi device is vulnerable to some variants of our attacks.”
Vanhoef and his team said the KRACK attack is “exceptionally devastating” against Android 6.0.
Most modern Wi-Fi networks have traffic encrypted by either the WPA or WPA-2 protocols.
These have existed since 2003 and until now have never been broken.
When a user connects to a secure network, a four-way “handshake” takes place between a device and a router.
This is to ensure that no one can decrypt the traffic, but Vanheof’s team discovered a way to install a new key during the third step of the process.
Read more: express.co.uk
By DION DASSANAYAKE
PUBLISHED: 09:20, Tue, Oct 17, 2017 | UPDATED: 09:20, Tue, Oct 17, 2017
Apple iOS, Windows, Android and any smart device that uses Wi-Fi are all at risk of an attack, cybersecurity experts have warned today.
The newly discovered KRACK exploit affects the WPA2 security protocol, a standard for Wi-Fi security used on almost every Wi-Fi router.
In theory it allows a hacker within range of a Wi-Fi network to read passwords, credit card numbers and photos sent over the internet.
Other sensitive information that can be obtained thanks to this exploit is chat app messages and e-mails.
The WPA2 Wi-Fi vulnerability has been a closely guarded secret for weeks, with today’s revelations a co-ordinated disclosure.
The terrifying exploit was unearthed by researchers led by Mathy Vanhoef from the Belgian university KU Leuven.
The experts, after discovering the exploit, carried out a “proof-of-concept” attack on an Android smartphone to learn more about the vulnerability.
Vanhoef said the attack would work against “all modern protected Wi-Fi networks” and “if your device supports Wi-Fi, it is most likely affected”.
In the paper on the Krack Attacks website, the researchers said: "All protected Wi-Fi networks use the four-way handshake to generate a fresh session key and so far this 14-year-old handshake has remained free from attack.
"Every Wi-Fi device is vulnerable to some variants of our attacks.”
Vanhoef and his team said the KRACK attack is “exceptionally devastating” against Android 6.0.
Most modern Wi-Fi networks have traffic encrypted by either the WPA or WPA-2 protocols.
These have existed since 2003 and until now have never been broken.
When a user connects to a secure network, a four-way “handshake” takes place between a device and a router.
This is to ensure that no one can decrypt the traffic, but Vanheof’s team discovered a way to install a new key during the third step of the process.
Read more: express.co.uk
No comments: