Mathy Vanhoef of imec-DistriNet, KU Leuven might be no Columbus, but his discovery of a flaw in Android, Apple, Windows and Linux is being referred to as the “vulnerability of the year”. Of course, no celebration is necessary as people are severely jeopardized by this security issue as their Wi-fi networks are determined to be vulnerable to the point that hackers might steal personal information, including passwords, credit card details, chat messages, emails, photos and number similar material. Curious? Continue on reading this article for more information.
What is the KRACK attack and why is it so important to patch it up?
Severe flaws in WPA2 protocol were discovered. If the protocol were to function without any setbacks, the tool is supposed to secure Wi-Fi networks and make sure that no outside forces would be able to manipulate private data. The detected vulnerabilities are exploited through key reinstallation attacks (KRACKs). Issues were found in the Wi-Fi standard itself and individual products are not relevant.
There is a list of tools that carry vulnerabilities in Wi-Fi standard. If you are using merchandises from Linux, Apple, Android, OpenBSD, MediaTek, Linksys or others, you are one of the threatened people. To offer some evidence and prove that the vulnerability exists, Mathy Vanhoef provided a demonstration of the KRACK attack against an Android smartphone. Users of Android and Linux are explained to be the people that should be in haste of fixing these security issues. Why? Well, these operating systems can be deceived and install/re-install an all-zero encrypted key. Other devices are more difficult to influence in this way.
If key reinstallation attack is successful, basically any type of information can be obtained by hackers. This includes credentials of accounts, but extends much more than expected. The described invasion takes place to influence 4-way handshake of the WPA2 protocol. It usually checks whether a person may connect to a Wi-Fi network and this protocol is found in nearly all modern Wi-Fi networks.
Concerned users ask a lot of questions about this situation. For instance: should they change passwords of their Wi-fI networks? The answer is no, as it won’t be relavant to the possibility of suffering from KRACK attack. However, regularly replacing old codes with new ones can never hurt.
Vulnerabilities should be easily patched in a backwards-compatible manner. To provide better services, many websites and programs exploit HTTPS/SSL encryption. This will be much more complicated to decrypt and information, shared/exploited in such services might be properly encoded.
To be secured, you should see whether your vendor has released a patch for this security vulnerability. If the answer is positive, please hurry up to update your system before any sensitive information leaks to hackers. if not, then wait until it does.