Security flaw leaves all Wi-Fi traffic open to eavesdropping

KU Leuven researchers have discovered serious weaknesses in a protocol that secures all protected Wi-Fi networks. Attackers can exploit these flaws to steal credit card numbers, passwords, and other sensitive information.

Researcher Mathy Vanhoef (Department of Computer Science / imec-DistriNet) detected the weakness by performing a novel type of attack against the so-called 4-way handshake of the WPA2 protocol, which secures all protected Wi-Fi networks.

Whenever someone joins a Wi-Fi network, it executes this 4-way handshake to produce a fresh encryption key for all subsequent traffic. To guarantee security, a key should be installed and used only once. But in a key reinstallation attack (KRACK), attackers trick a victim into reinstalling an already-in-use key. As a result, they can steal sensitive information or, depending on the network configuration, inject malware into a website.   

Any device that uses Wi-Fi is most likely vulnerable. Make sure to keep your devices updated. 

All modern protected Wi-Fi networks currently use the 4-way handshake. This means that all these networks are vulnerable, and that any device that uses Wi-Fi is most likely vulnerable. 

Does that mean we should all change our Wi-Fi passwords’ Vanhoef: "Changing the password of your Wi-Fi network does not prevent attacks. Instead, users have to update all their devices as soon as security updates becomes available."

Wi-fi security flaw ’puts devices at risk of hacks’ https://t.co/xTqRmrcsIl

- BBC Technology (@BBCTech)

WPA2 wifi security vulnerable to hacking, US government warns https://t.co/XNbA2tAs9n

- Guardian Tech (@guardiantech)

This site uses cookies and analysis tools to improve the usability of the site. More information. |