What You Should Know About the 'KRACK' WiFi Security Weakness

Posted October 18, 2017

Researchers Mathy Vanhoef and Frank Piessens from Belgium's KU Leuven University claim to have discovered a weakness in WPA2, a Wi-Fi security protocol, that leaves password-protected WiFi connections open to cyber-attacks and manipulation. "There is no evidence that the vulnerability has been exploited maliciously", the organization added. The weakness can reportedly be used to gather sensitive information such as credit card numbers by attacking WPA2, which is known as the most used method of securing Wi-Fi connections with encryption keys.

An attacker in range of a target's device can exploit weaknesses in WPA2 using key reinstallation attacks (KRACKs), which allow them to view data that's meant to be encrypted. The vulnerability can be used against devices and WiFi access points (APs) to steal data or infect a protected network, potentially threatening healthcare network security as well. Attackers could also modify intercepted traffic, injecting it with ransomware and other malware. In more risky cases, hackers might be able to "take over" your Wi-Fi connection and add malware to otherwise safe sites, Mashable explained. Note that because these are protocol-level issues, most or all correct implementations of the standard will be affected. The report says such an attack would work "against all modern protected WiFi networks" on operating systems including Android, Linux, Apple, Windows, OpenBSD, MediaTek, Linksys, and more, the Guardian reports. "But one would need to be careful about using public Wi-Fi", says Bhattacharya, also a "bug bounty" hunter.

The only way to safeguard against KRACK is to update the affected products as soon as upgrades become available.
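A simplified model of why a key reinstallation exposes encrypted data and what a client-side update changes, added here as an illustration and not taken from the researchers' report or from any vendor patch. The `Client` class, the SHA-256 keystream (a stand-in for WPA2's real cipher) and all sample values are assumptions constructed for this example.

```python
import hashlib

KEY = b"constructed-session-key"       # constructed sample key
P1, P2 = b"frame one", b"frame two"    # constructed plaintexts of equal length

def keystream(key: bytes, nonce: int, n: int) -> bytes:
    # Stand-in for a real per-packet keystream (frames up to 32 bytes).
    # The property that matters: same key + same nonce -> same keystream.
    return hashlib.sha256(key + nonce.to_bytes(8, "big")).digest()[:n]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

class Client:
    """Toy model of a Wi-Fi client's key-install logic (hypothetical)."""
    def __init__(self, patched: bool):
        self.patched = patched
        self.key = None
        self.nonce = 0

    def on_handshake_msg3(self, key: bytes) -> None:
        # Handshake message 3 tells the client to install the session key.
        if self.patched and key == self.key:
            return                      # key already in use: keep the counter
        self.key = key
        self.nonce = 0                  # (re)installing resets the packet counter

    def send(self, plaintext: bytes):
        self.nonce += 1
        return self.nonce, xor(plaintext, keystream(self.key, self.nonce, len(plaintext)))

def replay_message3(client: Client):
    """Install the key, send a frame, receive message 3 again, send another."""
    client.on_handshake_msg3(KEY)
    n1, c1 = client.send(P1)
    client.on_handshake_msg3(KEY)       # retransmitted message 3
    n2, c2 = client.send(P2)
    return n1, n2, c1, c2

def keystream_reused(client: Client) -> bool:
    # With a repeated nonce the keystream cancels out of c1 XOR c2,
    # leaving p1 XOR p2: the ciphertexts now reveal plaintext relations.
    n1, n2, c1, c2 = replay_message3(client)
    return n1 == n2 and xor(c1, c2) == xor(P1, P2)

if __name__ == "__main__":
    print("unpatched client reuses keystream:", keystream_reused(Client(patched=False)))
    print("patched client reuses keystream:  ", keystream_reused(Client(patched=True)))
```

The unpatched model encrypts both frames under nonce 1, while the patched model ignores the repeated install and moves on to nonce 2.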

"This issue can be resolved through straightforward software updates, and the Wi-Fi industry, including major platform providers, has already started deploying patches to Wi-Fi users", the Wi-Fi Alliance wrote in a statement about KRACK. The ideal solution right now would be to unhook these devices from the Wi-Fi network, and check with the manufacturer for KRACK patches.

Sounds great, but in practice a great many products on the CERT list are now designated "unknown" as to whether they are vulnerable to this flaw.

Some readers have asked if MAC address filtering will protect against this attack.