Experts are warning Wi-Fi users of a newly discovered vulnerability with the Wi-Fi Protected Access II (WPA2) protocol that can be used against all modern protected Wi-Fi networks. This includes information such as credit card numbers, passwords, emails, photos, chat messages, and more. In addition, a hacker may be able to use the vulnerability to inject ransomware, malware, or other attack methods by injecting and manipulating the data. These are known as key reinstallation attacks, or KRACKs.
The weakness can expose any product that uses the Wi-Fi standard protocols, meaning that the vulnerability isn’t only found in a specific product or implementation. During a study by KU Leuven, researchers found that the vulnerability has already affected products from Android, Linux, Apple, Windows, OpenBSD, MediaTek, Linksys, and more.
According to ArsTechnica, "it works by exploiting a four-way handshake that's used to establish a key for encrypting traffic. During the third step, the key can be resent multiple times. When it's resent in certain ways, a cryptographic nonce can be reused in a way that completely undermines the encryption."
For more information on KRACK attacks, visit https://www.krackattacks.com/ or you can read the in-depth academic paper here: https://papers.mathyvanhoef.com/ccs2017.pdf. You can also contact us at Info Advantage at (585) 257-8710 to learn more about the vulnerabilities that can be threatening your data, and how to protect your business from cybercriminals.