KRACK, a severe flaw discovered in the Wi-Fi Protected Access II (WPA2) protocol



WPA2, the encryption standard that secures all modern Wi-Fi networks, has been cracked. An attacker within range of a victim could read all information using key re-installation attacks (KRACKs).

Devices affected by KRACK include Windows, Apple, Android and Linux. There is some reassurance in the fact that the KRACK attack isn’t that easy to implement, even though it poses a threat to many devices. It isn’t easy to fix because it exploits a fundamental loophole in the way WPA2 key re-installation occurs.

The flaw in WPA2 was discovered by Mathy Vanhoef, a postdoc security researcher from the Belgian university KU Leuven.

We discovered serious weaknesses in WPA2, a protocol that secures all modern protected Wi-Fi networks. Attackers can use this novel attack technique to read information that was previously assumed to be safely encrypted. This can be abused to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos. The attack works against all modern protected Wi-Fi networks.


The weaknesses are in the Wi-Fi standard itself, and not in individual products or implementations. Therefore, any correct implementation of WPA2 is likely affected. If the user device supports Wi-Fi, it is most likely affected. During our initial research, we discovered that Android, Linux, Apple, Windows, OpenBSD, MediaTek, Linksys are affected.

The networking hardware makers Linksys and WeMo are aware of the recently disclosed security exploit, and any information will be posted on their security advisory page. Netgear is also aware of the KRACK attack. Its security advisory details the list of affected devices and the method to update the firmware.

Apple says the security vulnerability has been fixed in the beta versions of the next software updates to iOS, macOS, watchOS, and tvOS. These releases can be expected this month.

The Wi-Fi Alliance has released a vulnerability detection tool for its members, and it requires testing for this vulnerability within its global certification lab network. Besides smartphones and computers, users should also take measures to update other Wi-Fi enabled devices.

More information: [KRACK attack]