According to some recent reports, millions of Wi-Fi users around the globe might be twitching. Hot off the press, the security protocol protecting the majority of modern Wi-Fi networks, WPA2, has been cracked.
This means that traffic shared over countless wireless networks globally will become an easy target for hackers and other malicious users looking to obtain sensitive information.
Biggest Internet Security Threat Ever?
Details of the latest vulnerability discovered in the WPA2 protocol have until this point not been shared with the public. The breach was discovered by the group of researchers who developed KRACK, pointedly spelled with a K and an acronym for Key Reinstallation Attacks.
[Cyberhub Summit Coming to Austin, Tx | May 3, 2018 - Cyber Security education for executives and business owners, Exclusive Dinner and Powerful Networking. | Get the latest from Cyberhub Summit by signing up for their newsletters. ]
According to the loose explanation given so far, these researchers were able to take advantage of serious weaknesses in WPA2 protocol, allowing attackers to access and read information transferred through the network. Until now, it was believed that this information was encrypted, but it seems KRACK can find a way around it.
The important thing to understand is that the weaknesses KRACK take advantage of aren’t inherent to any particular device or a group of devices, but are rather imbedded in the WPA2 protocol itself. This means that all devices using Wi-Fi can potentially come under attack.
Due to this, some experts have described the vulnerability as potentially one of the biggest threats to online security ever. With so many devices relying on Wi-Fi, if security flaws are similar to the ones found in previous standards such as WEP, this will produce serious problems on a global level.
Too Early to Panic
However, most experts agree that it is still too early to go into full-panic mode. While more details will be revealed soon, during the presentation aiming to demonstrate the proof of concept, the idea of KRACK sounds more dangerous than it currently is.
In many instances, people using Wi-Fi networks are accessing secure sites, meaning that the WAP2 protocol isn’t the only thing standing between them and hackers. There are additional layers of security, which should help protect the information from prying eyes.
That said, this is certainly not welcome news for regular people and businesses all over the world. The WAP2 security protocol has been generally considered the most secure way to encrypt information sent over wireless networks. Earlier solutions have already been proven ineffective and if WAP2 follows suite, the road ahead appears very bumpy.
As mentioned, connections to secure websites are still safe, as they are protected by Virtual Private Networks (VPN) and SSH. However, malicious types implementing KRACK could intercept, steal, and modify data sent to and from any insecure websites (lacking the HTTPS support). Similarly, home Wi-Fi networks usually lack adequate protection and could become easy targets.
While no devices are completely immune to KRACK attacks, those operating on Linux and Android 6.0 (Marshmallow) seem to be more exposed because of an already existing bug in the encryption. Windows and iOS devices are currently the most resilient to these attacks, as they don’t implement the WPA2 protocol fully, which helps them avoid the weakness.
We are going to have to watch this space for further updates and hope that someone is looking to fix this particular 'KRACK.'
By James Azar on 3/29/18
Article first reported at CyberHub Summit