Digital security researchers publicly reveal vulnerability in WPA2 WiFi protocol
October 20, 2017, 4:00:01 CEST | Wikinews

Thursday, October 19, 2017 


Computing



Related articles


19 October 2017: Digital security researchers publicly reveal vulnerability in WPA2 WiFi protocol
19 May 2017: 17 million accounts' hashed passwords, emails stolen, Zomato says
28 April 2017: Debian to shutdown public File Transfer Protocol services
8 April 2017: GNOME to be Ubuntu's default desktop environment, Canonical to stop investing in Ubuntu Phone
10 December 2016: Telegram introduces bidirectional IFTTT integration


Collaborate!


Pillars of Wikinews writing
Writing an article



On Monday, digital security researchers Mathy Vanhoef and Frank Piessens of Belgium's KU Leuven university publicly disclosed a security vulnerability in the WPA2 Wi-Fi (wireless local-area networking) protocol, which they called KRACK (for Key Reinstallation Attack). Their study claimed KRACK affects every modern device using WiFi; it can be fixed by a software update, researchers said.

Vanhoef wrote, "Attackers can use this novel attack technique to read information that was previously assumed to be safely encrypted. This can be abused to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos and so on." Vanhoef notified vendors about the flaw in July, including UNIX-like operating system OpenBSD. "If your device supports wifi, it is most likely affected. [...] In general, any data or information that the victim transmits can be decrypted", he wrote.

The study papers, which were submitted for review on May 19, were kept in confidence allowing companies to fix the security flaw. The United States-based Computer Emergency Response Team (CERT) informed vendors on August 28. The Wi-Fi Alliance said it "could be resolved through a straightforward software update." OpenBSD released their software patch on August 30.

Exploring the flaw which affected every device the researchers had tested, National Cyber Security Centre of the UK said "the attacker would have to be physically close to the target". But due to this flaw, an attacker can send malware or ransomware on the websites, Vanhoef claimed.

Linux-based operating systems including Android v6.0 and higher are especially affected by this flaw, while Windows and iOS are not as vulnerable as Android by this flaw as they do not fully implement WPA2.

Microsoft reportedly has released security patches for Windows 7, 8, 8.1 and 10. Google said Android operating systems would receive the updates in the software update scheduled to be made available on November 6. Apple has implemented the patch in the beta versions of their operating system iOS, macOS, tvOS and watchOS, however it is yet to roll out patches for stable operating systems.

WPA2 protocol has been used for more than a decade, and has been compulsory for WiFi since 2006. KRACK would also affect various home appliances which can be controlled over WiFi, within the so-called "Internet of things". Andrew Martin from Oxford University said, "We can be sure a lot of these devices won’t be patched[...] Whether that matters for this attack or only for some future attack is yet to be seen."

The study and its findings are scheduled for presentation at the ACM Computer and Communications Security conference on November 1.



Have an opinion on this story? Share it!



Sources[edit]

"KRACK Attacks: Breaking WPA2" — KRACK, October 19, 2017 (date of access)
Richard Gray. "Google and Apple yet to fix Wi-Fi hole in a billion devices" — New Scientist, October 18, 2017
Romain Dillet. "Microsoft already published a KRACK fix, Apple and Google are working on it" — TechCrunc, October 17, 2017
Alex Hern. "'All wifi networks' are vulnerable to hacking, security expert discovers" — The Guardian, October 16, 2017
"Wi-Fi security flaw leaves passwords exposed, say experts" — Deutsche Welle, October 16, 2017

External link[edit]

Mathy Vanhoef and Frank Piessens. "Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2" —  October 19, 2017 (date of access)






Share this: 

Source: Wikinews
Share this article:
share article on facebook share article on twitter share article on google+ share article on tumblr share article on blogger share article on reddit

Articles that may interest you:


German Bundestag votes for same-sex marriage

Monday, July 3, 2017  Crime and law Related articles 3 July 2017: German Bundestag vote...
Send us your articles and web-novels!
comments powered by Disqus
Most popular


Recently Viewed:


Digital security researchers publicly reveal vulnera...

Thursday, October 19, 2017  Computing Related articles 19 October 2017: Digital secur...


Football: Robben retires from international football...

Friday, October 13, 2017  Football Related football news 13 October 2017: Football: R...


Poland: 27-year-old arrested in Stalowa Wola for sta...

Saturday, October 21, 2017  Crime and law Related articles 21 October 2017: Poland: 27-y...


Italian footballer Andrea Pirlo announces retirement

"As my time in NYC FC comes to an end, I want to thank everybody for the kindness and suppor...


Manchester United sacks van Gaal after winning FA Cup

On Monday, English football club Manchester United sacked their manager Louis van Gaal just ...

Automotive
Reviews | Technology | Projects & Tuning | Events | Racing
Business & Technology
Business & Economy | Mobile | Internet & Media | Security & Privacy | Gadgets & Tech | Software
Lifestyle
Health, Food & Fitness | Fashion | Gardening | DIY | Homes
Society
Accidents | Crime | Culture | Politics | Finance
Science & Environment
Wildlife | Green | Space
Gaming
Reviews
Society
Accidents | Crime | Culture | Politics | Finance
Travel
MM-iNEWS
Copyright & Privacy | Site Roadmap | Sitemap | Contact
Web Development @ OverHertz Ltd
Ω