HOME
NEWS

A New attack Krack could crack your Network and security...Wi-Fi Vulnerability Affecting WPA


By VARINDIA - 2017-10-22
A New attack Krack could crack your Network and security...Wi-Fi Vulnerability Affecting WPA

Any types of vulnerabilities could cause disaster and most vulnerabilities go unnoticed by the majority of the world’s population even if they affect several million people. But this vulnerability is probably going to affect several billion people all over the world: Researchers have found a bunch of vulnerabilities that make all Wi-Fi networks insecure.



According to researchers, any Wi-Fi network that relies on WPA or WPA2 encryption can be compromised. And with WPA being the standard for modern Wi-Fi, that means pretty much every Wi-Fi network in the world is vulnerable. Researchers have found out that devices based on Android, iOS, Linux, macOS, Windows, and some other operating systems are vulnerable to some variation of this attack, and that means almost any device can be compromised.

 

There is new terminology KRACK(key reinstallation attack) , once this attack is successful, an attacker may take advantage of accessing and tampering network traffic, which may lead to login credentials or any other sensitive data theft or malware injection. The paper reveals that the attack is catastrophic especially against version 2.4 and above of wpa_supplicant, a Wi-Fi client commonly used on Linux and Android devices. Also affected are Apple, Windows, OpenBSD, MediaTek, Linksys, among others. The vulnerabilities in itself are related to the WPA protocol standard which allows the attackers to force the devices to reissue the nonce effectively forcing the devices to initiate Key Reissue Attacks.

 

WEP has been considered to be a flawed encryption and Wi-Fi implementations have always concentrated on implementing WPA Encryption standard so as to ensure a secure Wi-Fi communication channel. However, recently researchers Mathy Vanhoef and Frank Piessens, from the University of Leuven, have found multiple flaws in WPA encryption which would allow hackers to decode the traffic and inject malicious packets into the secure WPA communications channel.



One may argue that there’s another layer of security - the encrypted connection to a site, e.g., SSL or HTTPS. However, a simple utility called SSLstrip set up on the fake access point is enough to force the browser to communicate with unencrypted, HTTP versions of websites instead of encrypted, HTTPS versions, in cases where encryption is not correctly implemented on a site (and that is true for quite a lot of websites, including some very big ones).



Advisory from Vitaly Kamluk, Director of Global Research and Analysis Team for Asia Pacific, Kaspersky Lab.



1. Update all WiFi client devices (such as smartphones, tablets, personal computers, etc) once security updates become available. This ensures a key is used only once, preventing the attack.

2. Update the firmware of your WiFi router.

3. Changing your Wi-Fi password does not prevent or mitigate this attack. And this type of attack does not help recovering your Wi-Fi passwords. But after updating your devices and router, it's always a good practice to change your Wi-Fi password.

4. If your router does is not configured for automatic updates, please contact your vendor immediately for manual updates. Generally, you can try to mitigate attacks against routers and access points by disabling client functionality and disabling 802.11r (fast roaming). For ordinary home users, your priority should be to update your devices such as laptops, tablets, and smartphones.

5. WPA2 is still encouraged to be used as the safest option.

6. WPA3 is not needed at this time. Implementations can be patched in a backward-compatible manner, meaning a patched client can still communicate with an unpatched access point, and vice versa.

Identifiers:

* CVE-2017-13077

* CVE-2017-13078

* CVE-2017-13079

* CVE-2017-13080

* CVE-2017-13081

* CVE-2017-13082

* CVE-2017-13084

* CVE-2017-13086

* CVE-2017-13087

* CVE-2017-13088

Tags: Krack, Network, security, Wi-Fi, wifi, WPA, WPA2 encryption, cyber security, hacker, key reinstallation attack, Mathy Vanhoef, Frank Piessens, Vitaly Kamluk, Vitaly Kamluk kaspersky lab, varindia, wifi router, wifi password

See What’s Next in Tech With the Fast Forward Newsletter

SECURITY
View All
Zscaler announces AI innovations to its Data Protection Platform
Technology

Zscaler announces AI innovations to its Data Protection Platform

by VARINDIA 2024-05-20
SHIELD to enhance Swiggy’s fraud prevention and detection capabilities
Technology

SHIELD to enhance Swiggy’s fraud prevention and detection capabilities

by VARINDIA 2024-05-20
Axis Communications announces its first thermometric camera designed for Zone/Division 2
Technology

Axis Communications announces its first thermometric camera designed for Zone/Division 2

by VARINDIA 2024-05-20
SOFTWARE
View All
Hitachi Vantara and Veeam announce Global Strategic Alliance
Technology

Hitachi Vantara and Veeam announce Global Strategic Alliance

by VARINDIA 2024-05-16
Adobe launches Acrobat AI Assistant for the Enterprise
Technology

Adobe launches Acrobat AI Assistant for the Enterprise

by VARINDIA 2024-05-11
Oracle Database 23ai offers the power of AI to Enterprise Data and Applications
Technology

Oracle Database 23ai offers the power of AI to Enterprise Data and Applications

by VARINDIA 2024-05-10
START - UP
View All
Data Subject Access Request is an integrated module within ID-REDACT®
Technology

Data Subject Access Request is an integrated module within ID-REDACT®

by VARINDIA 2024-04-30
SiMa.ai Secures $70M Funds from Maverick Capital
Technology

SiMa.ai Secures $70M Funds from Maverick Capital

by VARINDIA 2024-04-05
Sarvam AI collaborates with Microsoft to bring its Indic voice LLM to Azure
Technology

Sarvam AI collaborates with Microsoft to bring its Indic voice LLM to Azure

by VARINDIA 2024-02-08

Tweets From @varindiamag

CIO - SPEAK
Automation has the potential to greatly improve efficiency and production

Automation has the potential to greatly improve efficiency and production

by VARINDIA
Various approaches are followed to enhance efficiency, productivity, and cost-effectiveness

Various approaches are followed to enhance efficiency, productivity, and cost-effectiveness

by VARINDIA
Technology can be leveraged in several ways to boost efficiency, productivity and reduce cost

Technology can be leveraged in several ways to boost efficiency, productivity and reduce cost

by VARINDIA
Start-Up and Unicorn Ecosystem
GoDaddy harnesses AI power for new domain name recommendations

GoDaddy harnesses AI power for new domain name recommendations

by VARINDIA
UAE’s du Telecom selects STL as a strategic fibre partner

UAE’s du Telecom selects STL as a strategic fibre partner

by VARINDIA
JLR and Dassault Systèmes extend partnership for All Vehicle Programs worldwide

JLR and Dassault Systèmes extend partnership for All Vehicle Programs worldwide

by VARINDIA
Rapyder partners with AWS to accelerate Generative AI led innovation

Rapyder partners with AWS to accelerate Generative AI led innovation

by VARINDIA
ManageEngine integrates its SIEM solution with Constella Intelligence

ManageEngine integrates its SIEM solution with Constella Intelligence

by VARINDIA
Elastic replaces traditional SIEM game with AI-driven security analytics

Elastic replaces traditional SIEM game with AI-driven security analytics

by VARINDIA
Infosys and ServiceNow to transform customer experiences with generative AI-powered solutions

Infosys and ServiceNow to transform customer experiences with generative AI-powered solutions

by VARINDIA
Crayon Software Experts India inaugurates its ISV Incubation Center in Kolkata

Crayon Software Experts India inaugurates its ISV Incubation Center in Kolkata

by VARINDIA
Dassault Systèmes to accelerate EV charging infrastructure development in India

Dassault Systèmes to accelerate EV charging infrastructure development in India

by VARINDIA
Tech Mahindra and Atento to deliver GenAI powered business transformation services

Tech Mahindra and Atento to deliver GenAI powered business transformation services

by VARINDIA