A newly discovered vulnerability in WPA2 – the protocol that safeguards modern Wi-Fi networks – has threatened the security of networks around the world.
Though most modern hacking attempts have leveraged vulnerabilities in different forms of smart devices, a far more fundamental flaw within WPA2 has been discovered by researchers which could threaten the security of most wireless networks around the world.
Researcher Mathy Vanhoef of Belgium’s KU Leuven University has revealed that an inherent flaw in WPA2 could lead hackers to attempt a key reinstallation attack (KRACK) that could enable one to read information previously thought to be encrypted on a Wi-Fi network.
That kind of information could range from simple media such as photos and messages, all the way to sensitive data such as credit card numbers and passwords.
Vanhoef noted that KRACKs could also be used to deliver malware payloads to smart devices linked to a Wi-Fi network, through which such software could be delivered onto other systems.
If the news sounds utterly terrifying, here’s some relief: the hack cannot be performed online and requires the malicious entity in question to be connected to the local Wi-Fi network they wish to breach.
The vulnerability lies in WPA2’s ‘four-way handshake’, a security layer in the standard that determines whether prospective devices have the correct credentials to join the network.
The ‘four-way handshake’ is supposed to deliver new encryption keys to encrypt subsequent traffic on the network once a new device joins, yet KRACKs succeed in forcing the network to issue an out-of-date key that has been previously used.
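Why a reinstalled key matters, and what a patched device does differently, shown as an added example that is not code from Vanhoef's paper or from any vendor. It models a client that installs the same key again when handshake message 3 is replayed, which resets its per-packet counter (nonce); the `Client` class, the toy SHA-256 stream cipher standing in for the real WPA2 ciphers, and the sample key and frames are all constructed for illustration.

```python
import hashlib

def keystream(key, nonce, n):
    """Toy stream cipher (SHA-256 in counter mode); a stand-in, not a WPA2 cipher."""
    out, block = b"", 0
    while len(out) < n:
        out += hashlib.sha256(
            key + nonce.to_bytes(8, "big") + block.to_bytes(4, "big")
        ).digest()
        block += 1
    return out[:n]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

class Client:
    """Hypothetical client model; patched=True refuses to reinstall a key in use."""
    def __init__(self, patched):
        self.patched = patched
        self.key = None
        self.nonce = 0

    def on_handshake_msg3(self, key):
        if self.patched and key == self.key:
            return  # key already installed: keep the packet counter running
        self.key = key
        self.nonce = 0  # installing a key resets the per-packet nonce

    def send(self, plaintext):
        self.nonce += 1
        return xor(plaintext, keystream(self.key, self.nonce, len(plaintext)))

def keystream_repeats(patched):
    """Replay message 3 mid-session and report whether two frames share a keystream."""
    key = b"constructed-session-key"            # constructed sample value
    p1, p2 = b"frame-one", b"frame-two"         # constructed, equal-length frames
    client = Client(patched)
    client.on_handshake_msg3(key)
    c1 = client.send(p1)
    client.on_handshake_msg3(key)               # retransmitted handshake message 3
    c2 = client.send(p2)
    # With a repeated keystream, the ciphertexts XOR to the XOR of the plaintexts.
    return xor(c1, c2) == xor(p1, p2)

if __name__ == "__main__":
    print("unpatched client reuses keystream:", keystream_repeats(False))
    print("patched client reuses keystream:  ", keystream_repeats(True))
```

The shared Wi-Fi password never appears in the model, which is why changing it does not help and updating the device does.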
Researchers have found that the vulnerability can be used to access different forms of smart devices, including devices running Apple’s, Microsoft’s, and Google’s operating systems. Researchers further succeeded in penetrating websites and apps using HTTPS encryption with varying levels of success.
Many popular consumer technology brands have begun issuing software patches to their systems, and Vanhoef has urged general consumers to update their devices as quickly as possible.
In an online FAQ, Vanhoef explained that “Changing the password of your Wi-Fi network does not prevent the attack… Instead, you should make sure all your devices are updated, and you should also update the firmware of your router.”
For the technical among us, the vulnerability has now been fully detailed in an online research paper.