Sunday brought an air of unease to security teams as serious vulnerabilities in the Wi-Fi Protected Access II (WPA2) protocol (which is generally the default security protocol) were discovered. They were disclosed to the whole world on Monday morning.
The vulnerabilities make the data shared between Wi-Fi access points and computers susceptible to eavesdropping.
This means that everyone in the world who is using Wi-Fi can be easily hacked and all of their information can be retrieved, even if it is encrypted or password protected. The only safe connections are those encrypted via SSH or VPNs.
Key Reinstallation Attacks (KRACK)
KRACK, short for Key Reinstallation AttaCKs, is the cause behind the exploitation of user data.
The protocol's vulnerabilities were brought to attention by a website that listed the operating systems at risk:
- MediaTek
- Linksys
- Android
- Windows
- Linux
- OpenBSD
- Apple
The website also highlighted that data encrypted using the Wi-Fi encryption protocol WPA2 is at risk of being easily decrypted by attackers.
The attack is capable of penetrating all modern protected Wi-Fi networks. In addition to being used “to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos, and so on,” it can also be used to inject and manipulate data, for example to insert malware or ransomware.
The video below shows an attacker taking over Google’s operating system – Android:
Using HTTPS Does Not Eliminate the Risk
The researchers warned users that risk remains even when using HTTPS, which adds a layer of protection. They highlighted several situations in which this added layer had failed to secure users' data.
“For example, HTTPS was previously bypassed in non-browser software, in Apple’s iOS and OS X, in Android apps, in banking apps, and even in VPN apps,” stated the website.
Linux and Android are the most susceptible to such attacks, which allow attackers to decrypt content within the system in a matter of seconds. iOS and Windows, on the other hand, stand a better chance of protecting themselves from potential harm.
While patches for Linux and Windows are available, it is hard to say anything about their availability for various distributions and Wi-Fi access points.
The Disclosure
According to US-CERT:
“US-CERT has become aware of several key management vulnerabilities in the 4-way handshake of the Wi-Fi Protected Access II (WPA2) security protocol. The impact of exploiting these vulnerabilities includes decryption, packet replay, TCP connection hijacking, HTTP content injection, and others. Note that as protocol-level issues, most or all correct implementations of the standard will be affected. The CERT/CC and the reporting researcher KU Leuven, will be publicly disclosing these vulnerabilities on 16 October 2017.”
The vulnerabilities will be presented formally on November 1, in a talk titled Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2, held in Dallas, while the website krackattacks.com informally disclosed them on Monday.
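Why forced nonce reuse, the mechanism named in the talk title above, defeats encryption, and what a patched client does differently, shown as an added example (not code from the researchers or from the original article). It uses a simplified client model and a toy HMAC-based counter-mode keystream as a stand-in for WPA2's real cipher; the class, function names, key and sample frames are constructed for illustration.

```python
import hashlib
import hmac

def keystream(key, nonce, length):
    # Toy counter-mode keystream (stand-in cipher): same key + nonce => same output.
    out, block = b"", 0
    while len(out) < length:
        msg = nonce.to_bytes(8, "big") + block.to_bytes(4, "big")
        out += hmac.new(key, msg, hashlib.sha256).digest()
        block += 1
    return out[:length]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

class Client:
    """Hypothetical Wi-Fi client: one session key, one transmit packet number."""
    def __init__(self, patched):
        self.patched = patched
        self.key = None
        self.packet_number = 0

    def install_key(self, key):
        # Runs for every handshake message 3 received, retransmissions included.
        if self.patched and key == self.key:
            return  # hardened: key already in use, keep the counter running
        self.key = key
        self.packet_number = 0  # unpatched: counter reset, nonces repeat

    def send(self, plaintext):
        self.packet_number += 1
        ks = keystream(self.key, self.packet_number, len(plaintext))
        return self.packet_number, xor(plaintext, ks)

KEY = b"constructed-session-key"                 # constructed sample key
P1, P2 = b"GET /index.html", b"password=hunter"  # constructed sample frames

def frames_around_reinstall(patched):
    """Send P1, replay the key installation, send P2; return both frames."""
    client = Client(patched)
    client.install_key(KEY)
    first = client.send(P1)
    client.install_key(KEY)  # retransmitted handshake message 3
    second = client.send(P2)
    return first, second

if __name__ == "__main__":
    for patched in (False, True):
        (n1, c1), (n2, c2) = frames_around_reinstall(patched)
        print(patched, (n1, n2), "leaks:", xor(c1, c2) == xor(P1, P2))
```

In the unpatched model both frames are sent with packet number 1, so XORing the two ciphertexts cancels the keystream and leaves the XOR of the plaintexts. The patched model ignores the replayed installation, the counter keeps advancing, and the two frames get unrelated keystreams.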
What’s At Stake?
While patching existing access points is time-consuming, some Wi-Fi access points may never be patched at all.
If preliminary reports turn out to be an accurate representation of the anticipated risk, attackers might be able to tamper with Dynamic Host Configuration Protocol (DHCP) settings, opening the door to attacks involving users' Domain Name Service (DNS).
In short, all user data and online communication can be hacked and released publicly.
How to Avoid It?
Since the issue lies in the Wi-Fi protocol, there is no guaranteed solution to this problem.
It is hard to state the severity of the attacks posed to users. Users are advised to add more layers of security by encrypting their Web and email traffic using Secure Shell, STARTTLS, HTTPS, and other reliable protocols. An additional security measure could be a virtual private network.
Via Ars Technica
It’s easy to hack any WiFi: I can hack WiFi in my area, and sometimes I use it too, with apps that are available on the Android Play Store.
And it has been several months:
That you are a thief was obvious from your face, but today you have told everyone PUBLICLY yourself that you are such a 'PETTY THIEF'..
Good grief..
This guy even uses stolen WiFi..
Where did he come from..??
And he is telling it here with such PRIDE, as if he has been accomplishing some great FEAT..
I have DoDear ISP, but when the power goes out I use it sometimes. It’s art: it’s professional.
What kind of art is using stolen internet?
Yes, I do it too. PTCL BB is done easily.
Yes, I also only do PTCL BB. That one is easy; the others take time.
Which app do you do it so easily with? Shed some light on your exploits.
I use a WiFi manager app to pick up the MAC address and hack with Kali Linux; it also works from the terminal: Ubuntu, CentOS, etc.
Exactly..!!
Stealing is an art too, my brother, one that not everyone has..
:P
Well said.
Please teach us the method, too.
Paying for internet is nowhere near as much fun as using the internet over stolen WiFi.
Keep using free WiFi to your heart's content.
That's the point: it should carry on even after we are gone!
Not surprised that you hate any religion, advocate atheism as unlike any religion it lacks ethics.
I never advocate atheism. I simply promote humanity, love and truth.
Human life must have more value and dignity than any religion.
Humans have suffered enough at the hands of religions.
Religions are the biggest obstacles in the way of prosperity and advancement of humans.
21st century is the era of science, reality and love for all humans alike.
It's true… as the people are, so are the rulers… everyone takes whatever chance they get.
Damn True..!!
Then afterwards they say the rulers are like this and like that..
First change yourselves, otherwise you will keep getting dogs and cats in the guise of lions like this..
Apple is an operating system too? I didn't even know.. Thanks