Digital security researchers publicly reveal vulnerability in WPA2 WiFi protocol
October 20, 2017, 3:00:01 CEST | Wikinews

Thursday, October 19, 2017 



On Monday, digital security researchers Mathy Vanhoef and Frank Piessens of Belgium's KU Leuven university publicly disclosed a security vulnerability in the WPA2 Wi-Fi (wireless local-area networking) protocol, which they called KRACK (for Key Reinstallation Attack). Their study claimed KRACK affects every modern device using WiFi; it can be fixed by a software update, researchers said.

Vanhoef wrote, "Attackers can use this novel attack technique to read information that was previously assumed to be safely encrypted. This can be abused to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos and so on." In July, Vanhoef notified vendors about the flaw, including the UNIX-like operating system OpenBSD. "If your device supports wifi, it is most likely affected. [...] In general, any data or information that the victim transmits can be decrypted", he wrote.

The study papers, which were submitted for review on May 19, were kept in confidence to allow companies to fix the security flaw. The United States-based Computer Emergency Response Team (CERT) informed vendors on August 28. The Wi-Fi Alliance said it "could be resolved through a straightforward software update." OpenBSD released their software patch on August 30.

Commenting on the flaw, which affected every device the researchers had tested, the National Cyber Security Centre of the UK said "the attacker would have to be physically close to the target". But because of this flaw, an attacker could also inject malware or ransomware into websites, Vanhoef claimed.

Linux-based operating systems, including Android v6.0 and higher, are especially affected by this flaw, while Windows and iOS are not as vulnerable as Android because they do not fully implement WPA2.

Microsoft has reportedly released security patches for Windows 7, 8, 8.1 and 10. Google said Android operating systems would receive the updates in the software update scheduled to be made available on November 6. Apple has implemented the patch in the beta versions of its operating systems iOS, macOS, tvOS and watchOS; however, it has yet to roll out patches for the stable operating systems.

The WPA2 protocol has been in use for more than a decade, and has been compulsory for WiFi since 2006. KRACK would also affect various home appliances which can be controlled over WiFi, within the so-called "Internet of things". Andrew Martin from Oxford University said, "We can be sure a lot of these devices won’t be patched[...] Whether that matters for this attack or only for some future attack is yet to be seen."

The study and its findings are scheduled for presentation at the ACM Computer and Communications Security conference on November 1.



"KRACK Attacks: Breaking WPA2" — KRACK, October 19, 2017 (date of access)
Richard Gray. "Google and Apple yet to fix Wi-Fi hole in a billion devices" — New Scientist, October 18, 2017
Romain Dillet. "Microsoft already published a KRACK fix, Apple and Google are working on it" — TechCrunch, October 17, 2017
Alex Hern. "'All wifi networks' are vulnerable to hacking, security expert discovers" — The Guardian, October 16, 2017
"Wi-Fi security flaw leaves passwords exposed, say experts" — Deutsche Welle, October 16, 2017

External link

Mathy Vanhoef and Frank Piessens. "Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2" —  October 19, 2017 (date of access)
