KU Leuven researchers have discovered serious weaknesses in a protocol that secures all protected Wi-Fi networks. Attackers can exploit these flaws to steal credit card numbers, passwords, and other sensitive information.
Researcher Mathy Vanhoef (Department of Computer Science / imec-DistriNet) detected the weakness by performing a novel type of attack against the so-called 4-way handshake of the WPA2 protocol, which secures all protected Wi-Fi networks.
Whenever a device joins a Wi-Fi network, it executes this 4-way handshake to produce a fresh encryption key for all subsequent traffic. To guarantee security, a key should be installed and used only once. But in a key reinstallation attack (KRACK), attackers trick a victim into reinstalling an already-in-use key. As a result, they can steal sensitive information or, depending on the network configuration, inject malware into a website.
Any device that uses Wi-Fi is most likely vulnerable. Make sure to keep your devices updated.
All modern protected Wi-Fi networks currently use the 4-way handshake. This means that all these networks are vulnerable, and that any device that uses Wi-Fi is most likely vulnerable.
Does that mean we should all change our Wi-Fi passwords? Vanhoef: "Changing the password of your Wi-Fi network does not prevent attacks. Instead, users have to update all their devices as soon as security updates become available."
Wi-fi security flaw ‘puts devices at risk of hacks’ https://t.co/xTqRmrcsIl - BBC Technology (@BBCTech)
WPA2 wifi security vulnerable to hacking, US government warns https://t.co/XNbA2tAs9n - Guardian Tech (@guardiantech)