Skip to main content

Security Alert: Your Wi-Fi Can Now Be Easily Hacked


Sunday was taken over with an air of unease in the security concerned departments as intense vulnerabilities attached with Wi-Fi Protected Access II (WPA2) protocol (which is generally the default security protocol) were discovered. These were disclosed on Monday morning to the whole world.

The vulnerabilities make the data shared between the WiFi access points and computers susceptible to eavesdropping.
This means that everyone in the world who is using Wi-Fi can be easily hacked and all of their info can be retrieved even if it is encrypted or password protected. The only safe ones are encrypted connections via SSH or VPNs.

Key Reinstallation Attacks (KRACK)

KRACK-Key Reinstallation AttaCKs are the cause behind exploitations of user data.
The vulnerabilities of the protocol were brought to attention by a website that added the list of operating systems at risk:
  • MediaTek Linksys
  • Android
  • Windows
  • Linux
  • and OpenBSD
  • Apple
The website also highlighted that data encrypted using the Wi-Fi encryption protocol WPA2 is also at risk of being easily decrypted by the attackers.
The attack is capable of penetrating its way through all modern protected Wi-Fi networks and in addition to being used “to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos, and so on,” can also be used for injecting and manipulating data, such as malware or ransom-ware.
The video below shows an attacker taking over Google’s operating system – Android:

Using HTTPS Does Not Eliminate the Risk

The researchers warned the users of the risk involved even when using HTTPS, which is an added layer of protection protocol. They highlighted several situations where this added layer of protection had not proven to secure user’s data.
“For example, HTTPS was previously bypassed in non-browser software, in Apple’s iOS and OS X, in Android apps, in banking apps, and even in VPN apps,” stated the website.
Linux and Android are most susceptible to such attack, allowing attackers to decrypt content within the system in a matter of seconds. iOS and Windows, on the other hand, stand a better chance at protecting themselves from potential harm.
While patches for Linux and Windows are available, it is hard to say anything about their availability for various distributions and Wi-Fi access points.

The Disclosure

According to US-CERT:
US-CERT has become aware of several key management vulnerabilities in the 4-way handshake of the Wi-Fi Protected Access II (WPA2) security protocol. The impact of exploiting these vulnerabilities includes decryption, packet replay, TCP connection hijacking, HTTP content injection, and others. Note that as protocol-level issues, most or all correct implementations of the standard will be affected. The CERT/CC and the reporting researcher KU Leuven, will be publicly disclosing these vulnerabilities on 16 October 2017.”
The vulnerabilities will be displayed formally on November 1, in a talk titled Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2, held in Dallas, while the website krackattacks.com has informally disclosed them on Monday.   

What’s At Stake?

While patching existing access points is time-consuming, some Wi-Fi access points may never be patched at all.
If preliminary reports turn out to be an  accurate representation of the anticipated risk, the attackers might be able to tamper with Dynamic Host Configuration Protocol (DHCP) settings, unlocking the hacking regime to using users’ Domain Name Service (DNS).
In short, all user data and online communication can be hacked and released publicly.

How to Avoid It?

Since the issue lies in the Wi-Fi protocol, there is not guaranteed solution to this problem.
It is hard to state the severity of attacks posed to the users, it is advised that users add more layers of security by encrypting their Web and email traffic using Secure Shell, STARTTLS, HTTPS, and other reliable protocols. An additional security measure could be a virtual private network.

Comments

Post a Comment

Popular posts from this blog

Develop your own game by learning these free courses

We recently recommended courses you should learn before you will launch your first startup in order to avoid some common mistakes. In Quick Tips today, we’ll recommend you some free courses that will help you make your first game and begin your career as a developer. Before we highlight the details of the courses you ought to take, here are some introductory courses which will prepare you to learn these courses more effectively; Java Programming Basics  – Prepare yourself for programming on Android and the Web Introduction to JavaScript  – Create animations and understand variables and strings. When you have gone through those courses above then proceed to ones given below to develop your first game: 1. Create a 2048 game in just 1 day For those who have zero experience in programming and don’t want to take the above courses, then enroll in this course from Udacity. You will learn the basics of HTML and CSS as well as their interaction with JavaScript. ...
Post a Comment
Read more

Honda Launches the CR-V SUV in Pakistan

The 2018 Honda CR-V has been launched in Pakistan and it looks charming. Honda has finally launched the 2018 Honda CR-V in Pakistan. This Sports Utility Vehicle (SUV) has proven to be pretty popular around the world with an average of 300,000 units sold annually. In Pakistan, the Honda CR-V is gaining the popularity and attention of local auto enthusiasts. Honda CR-V 2018 was recognized as ‘2018 Motor Trend SUV of the year’ recently as well. The international model of CR-V has these four variants: Honda CR-V LX (Standard), Honda CR-V EX, Honda CR-V EX-L, Honda CR-V Touring. The CR-V offers pretty great features when you look at it. Let's take a look at what Honda Compact Recreational Vehicle (CR-V) has to offer. Exterior Because of its shiny new sporty-looking exterior, the vehicle is placed in small sports utility vehicle’s category. The exterior, no doubt, makes you want to look twice as some modifications to the previous model have been made. ...
Post a Comment
Read more

The upgraded Google News app is now available on iOS and Android

One of the more intriguing announcements at Google IO 2018 was of  a new Google News app  to take the place of the Google Play NewsStand, which was initially launched in 2013.  After describing the new Google News app  in a dedicated page for the app on its website, Google has now officially released the app on the  App Store  and  Google Play . Google Play NewsStand was used as a resource to get news around the world. The news would be of every category, even the news which doesn’t interest the user. Whereas with this new Google news app, the artificial intelligence of Google shows you the news you want to see, which you usually search for on Google. According to Google , the Google News app now  “uses a new set of AI techniques to take a constant flow of information as it hits the web, analyze it in real time and organize it into storylines.”  Artificial intelligence(AI) gives the app an ability to process and sort the news from...
Post a Comment
Read more