It is no surprise that most vulnerabilities and exposures go unnoticed by the public. However, recently published news can have an impact on several billion internet users: security researchers have detected a number of vulnerabilities that can affect Wi-Fi networks around the world.
The research “Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2”, published by researchers Mathy Vanhoef and Frank Piessens, provides information about vulnerabilities in Wi-Fi networks that rely on WPA and WPA2 and explains how any of these Wi-Fi networks can be compromised. It is worth mentioning that WPA is the standard for any modern Wi-Fi, thus almost every Wi-Fi network worldwide is unsecured and can be KRACKED.
So how does KRACK work?
Operating systems including Windows, Android, macOS, iOS, Linux and some others are vulnerable, so basically any machine could be compromised with this attack, known as a key reinstallation attack or KRACK.
M. Vanhoef and F. Piessens explained the KRACK attack on an Android 6 device:
First, in order to execute the attack, the hacker needs to establish a Wi-Fi network with the same SSID as the original Wi-Fi network. Once the victim connects to the original Wi-Fi, the attackers transmit packets in order to switch the device to a different channel, which leads the victim to connect to the false network as well.
Then, exploiting an error in the implementation of the encryption protocols, hackers are able to reset the encryption key to zeroes and gain access to the victim’s device.
On the other hand, some people point out that there is one more security layer: the encrypted site connection, such as HTTPS or SSL. However, according to the research, hackers can easily bypass these layers.
As a result, KRACK allows hackers to access the victim’s logins and passwords in plain text.
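For whoever operates the Wi-Fi network, the first step described above (a second network with the same SSID, on a different channel) is something a scan can surface. The following is an added example, not code from the researchers or the original article; the AP inventory, the record layout and all sample values are constructed assumptions.

```python
# Added example: flag beacons that advertise one of our SSIDs but do not
# match our own AP inventory. All names and values below are constructed.

# Hypothetical inventory of access points we operate: bssid -> (ssid, channel)
KNOWN_APS = {
    "aa:bb:cc:00:00:01": ("CorpNet", 6),
    "aa:bb:cc:00:00:02": ("CorpNet", 11),
    "aa:bb:cc:00:00:10": ("Guest", 36),
}

# Constructed scan records (ssid, bssid, channel), as a Wi-Fi survey tool
# might export them. These are not real captures.
SCAN = [
    ("CorpNet", "aa:bb:cc:00:00:01", 6),    # matches inventory
    ("CorpNet", "AA:BB:CC:00:00:01", 1),    # our BSSID seen on another channel
    ("CorpNet", "aa:bb:cc:00:00:02", 11),   # matches inventory
    ("Guest", "aa:bb:cc:00:00:10", 36),     # matches inventory
    ("CorpNet", "de:ad:be:ef:00:99", 6),    # unknown device using our SSID
    ("CoffeeShop", "11:22:33:44:55:66", 1), # not our SSID, ignored
]


def find_suspect_beacons(scan, known_aps):
    """Return (ssid, bssid, channel, reason) for beacons worth investigating."""
    protected_ssids = {ssid for ssid, _channel in known_aps.values()}
    findings = []
    for ssid, bssid, channel in scan:
        if ssid not in protected_ssids:
            continue  # only SSIDs we operate are in scope
        bssid = bssid.lower()  # MAC addresses compare case-insensitively
        expected = known_aps.get(bssid)
        if expected is None:
            findings.append((ssid, bssid, channel, "unknown-bssid"))
        elif expected[0] != ssid:
            findings.append((ssid, bssid, channel, "unexpected-ssid"))
        elif expected[1] != channel:
            # An AP with automatic channel selection can move on its own,
            # so this is a lead to check, not proof of a fake network.
            findings.append((ssid, bssid, channel, "unexpected-channel"))
    return findings


if __name__ == "__main__":
    for finding in find_suspect_beacons(SCAN, KNOWN_APS):
        print(finding)
```
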
How to protect your data from KRACK attacks?
Keep in mind that basically every device is vulnerable to KRACK or any other attack. To protect your device and data against KRACK attacks, here are some tips:
- Check for a green icon in your browser’s address bar. The icon tells you that the connection is encrypted and protected by HTTPS. If SSLstrip is used against your device, the browser falls back to the HTTP versions of sites and the green icon won’t appear.
- Always keep your devices updated – most firms issue updates to patch the vulnerabilities or solve problems with key reinstallation.
- Use a VPN – a VPN gives your device another security layer.