An extremely worrying vulnerability is capable of affecting nearly every device that uses Wi-Fi. Newly revealed details show that a major security flaw in Wi-Fi Protected Access 2 (WPA2) allows hackers to eavesdrop on and even hijack all of your activity on the internet. The vulnerability occurs during the process of negotiating the encryption keys used by the client and access point. Hackers could steal sensitive information such as credit card numbers, passwords, emails, messages, and photos.
The attack is called “KRACK” (Key Reinstallation Attack), and researchers discovered the possibility of this cyber attack on Monday. The attacker does have to be within range to execute the attack. The attack, which could potentially affect every router, smartphone, and PC, may even allow the hacker to inject ransomware and other malware into websites.
Forbes explains how the hack works:
KRACK sees a hacker trick a victim into reinstalling an already-in-use key. Every key should be unique and not re-usable, but a flaw in WPA2 means a hacker can tweak and replay the “handshakes” carried out between Wi-Fi routers and devices connecting to them; during those handshakes, encryption keys made up of algorithmically-generated, one-time-use random numbers are created. It turns out that in WPA2, it’s possible for an attacker to manipulate the handshakes so that the keys can be reused and messages silently intercepted.
The video below demonstrates how the attack takes place.
The researchers said Android and Linux users were particularly at risk of more severe attacks. Android versions 6.0 and above contain a vulnerability that researchers say “make it trivial to intercept and manipulate traffic sent by these Linux and Android devices.” They claim that 41% of Android devices are vulnerable to an “exceptionally devastating” variant of the Wi-Fi attack. However, researchers warned that all modern Wi-Fi networks using WPA or WPA2 encryption are at risk, meaning that besides Android and Linux, devices that run macOS, Windows, and iOS are also susceptible to KRACK.
A firmware change can require routers to demand a dedicated certificate for each handshake, instead of using one that is already generated. KRACK is a client-based attack, so you will see companies rolling out patches to combat the attack. Google said it is “aware of the issue”; however, there won’t be a patch until “the coming weeks.” Any full-featured Wi-Fi implementation will probably require patching in several places. Until the patches are available, it’s probably worth updating your router firmware and all client devices to the latest security fixes to guard against the attack.