Bad news for Android and Linux users: the WPA2 encryption protocol has potentially been hacked, according to rumors.
As a result, hackers can potentially crack your Wi-Fi password, monitor your browser activity, and take over unprotected or unencrypted information streams, including videos from a home security camera to the cloud or passwords from non-HTTPS sites.
WPA2 was established 13 years ago. This activity’s proof-of-concept is nicknamed as Key Reinstallation Attacks (KRACK). The CVE highlighting the security vulnerability was published on Monday on krackattacks.com. The website also provides more information about the methodology of the attacks from a security professional Mathy Vanhoef at imec-DistriNet.
According to the security expert who launched the paper on KRACK,
“The attack works against all modern protected Wi-Fi networks. Depending on the network configuration, it is also possible to inject and manipulate data. For example, an attacker might be able to inject ransomware or other malware into websites.”
The video below demonstrates Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2 discovered by M. Vanhoef and illustrates the hack against a device running Google’s Android operating system:
The video reveals how the hacker decrypts all the information which the device transmits to the access point. The infected phone is forced to reinstall an encryption key which includes all zeros instead of the real key. This attack is extremely effective on those platforms and also is able to work on LINUX.
So, you might not be attacked yet but your Wi-Fi is not protected and could be easily hacked until the manufacturer of your router provides you with a security update. Browsing most of the HTTPS sites shouldn’t cause you any problems, but any texts sent from your devices could be collected by hackers. You are strongly advised to use VPN to increase your Wi-Fi protection.
According to Microsoft advisory, users who have vulnerable access points should also use the patch which should fix the issue and Windows users should install the patch as soon as possible. Moreover, to increase your Wi-Fi protection, Microsoft also advises to download new Wi-Fi device drivers together with Windows fix.
Additionally, you should look for alternative security solutions for all your smart home devices because hackers are capable of stealing and changing passwords on your alarm systems and locks depending on their configurations.