Rahul Jamgade
Rahul Jamgade
Information Technology
21 Oct 2017

Beware...Wifi Network with WPA2 is compromised!

This attack is known as KRACK (Key Reinstallation Attacks).The attack is discovered by Mathy Vanhoef and Frank Piessens of imec-DistriNet, KU Leuven university of Belgium.

An attacker within range of a victim can exploit these weaknesses using key reinstallation attacks (KRACKs).
In addition to sniffing the traffic , it is also possible to inject and manipulate the data thereby inserting malware. The attack works against all modern protected Wi-Fi networks.
As the weaknesses are in the Wi-Fi standard itself and not in individual products or its implementations and therefore even the device with correct WPA2 implementation may get affected.
During initial research, the researchers observed that Android, Linux, Apple, Windows, OpenBSD, MediaTek, Linksys, and others, are all affected by some variant of the attacks.

Also the researchers suggested that about 41 percent of Android devices are vulnerable to an “exceptionally devastating” version of the attack.

Microsoft has provided patch for the affected products and it is suggested to update your system.Also Apple said "Apple confirmed it has a fix in beta for iOS, MacOS, WatchOS and TVOS, and will be rolling it out in a software update in a few weeks." as per media reports. Many major vendors will be coming up with the updates sooner than later, that includes google.

To prevent the attack, users must update affected products (wireless clients and )as soon as security updates become available.As a better solution at this moment is to use LAN rather than Wifi and also avoid using Wifi in public places till the devices are patched.
21 Oct 2017
Thanks, @Rahuljam . Is there any way to address this issue if the firmware upgrade is not available?
Rahul Jamgade

Rahul Jamgade

Information Technology
21 Oct 2017
Kaustubh Katdare
Thanks, @Rahuljam . Is there any way to address this issue if the firmware upgrade is not available?
Not Really at this moment except the fact that one would avoid using wifi itself till we get patches. However the tool is yet to be made available for public consumption that can exploit the vulnerability.The tool may be available once the vendor gets sufficient time to patch the issue (as a standard practice). More details will be presented at the Computer and Communications Security (CCS) conference in November.
However it remains to be seen what happens to the devices and products that are old or those that are no longer supported by the vendors.
vanshanu

vanshanu

Branch Unspecified
26 Mar 2018
Check the new Wifi protocol. What is WPA3

Share this content on your social channels -

Only logged in users can reply.