WPA2 WiFi Encryption Can Now Be Hacked By Anyone
Yes its true WPA2 has now been hacked, but as long as a hacker isn’t specifically looking to spy on your data then you should not worry about it.
Until access points are fixed, all WiFi traffic is at risk, meaning that hackers will be able to eavesdrop on all your WiFi traffic and steal data coming from all sorts of home devices that connect to the internet wirelessly.
For an attacker this is easy to accomplish, because our key reinstallation attack is exceptionally devastating against Linux and Android 6.0 or higher. This is because Android and Linux can be tricked into (re)installing an all-zero encryption key. When attacking other devices, it is harder to decrypt all packets, although a large number of packets can nevertheless be decrypted.
An attacker within range of a victim can exploit these weaknesses using Key Reinstallation Attacks (KRACKs). The attack works against all modern protected WiFi networks. Depending on the network configuration, it is also possible to inject and manipulate data. For example, an attacker might be able to inject ransomware or other malware into websites.
The weaknesses are in the WiFi standard itself, and not in individual products or implementations. Therefore, any correct implementation of WPA2 is likely affected. To prevent the attack, users must update affected products as soon as security updates become available.
Note : If your device supports WiFi, it is most likely affected.
The research paper behind the attack is titled Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2 and will be presented at the Computer and Communications Security (CCS) conference on Wednesday 1 November 2017.
Although this paper is made public now, it was already submitted for review on 19 May 2017. After this, only minor changes were made. As a result, the findings in the paper are already several months old. In the meantime, they have found easier techniques to carry out key reinstallation attack against the 4-way handshake. With a novel attack technique, it is now trivial to exploit implementations that only accept encrypted retransmissions of message 3 of the 4-way handshake. In particular this means that attacking macOS and OpenBSD is significantly easier than discussed in the paper.
This was discovered by Mathy Vanhoef of imec-DistriNet
For full details on this please visit – https://www.krackattacks.com
Duncan is a technology professional with over 20 years experience of working in various IT roles. He has a interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.