Security experts have issued a cyber threat warning that all Wi-Fi enabled devices using WPA2 security protocol are vulnerable to cyber attacks. Experts say that those devices using the above-said protocol are vulnerable to KRACK ( Key Reinstallation Attack) which allows hackers steal data between devices when using Wi-fi network.
According to the researchers of Krebs on Security, the exploit not only exposes users to hackers but also allows the cyber crooks to induce malicious software like ransomware onto the device which increases the severity of the cyber threat.
Technically speaking, KRACK is a bug which allows potential hackers into network traffic, and have access to any personal info that is sent over Wi-fi like photos, emails, videos, files, text messages, and such.
In fact, the flaw can allow attackers to use Key Re-installation Attacks, to steal info such as credit card data, passwords, chat messages, emails, photos and other critical data which is thought to be safely encrypted. The menace doesn’t end here, as hackers can also manipulate the data while being shared from one device to other.
TKU Leuven University researchers who are also conducting a research on this issue have also confirmed that attackers can break into a WiFi network by exploiting a 4-way “handshake” that is usually used to create a key for encrypting traffic. They found in their study that hackers can force key results by collecting and replaying transmissions related to a 3rd handshake, effectively breaking the encryption protocol.
The researchers, however, have confirmed that such attack is first of its kind which doesn’t allow password guessing. They added in their statement that such sort of attacks can help in eavesdropping on traffic flow from the router, but can’t be used to take over the device- which is contradictory to what the researchers from Krebs on Security have suggested.
Security experts say that all data transmitted from 41% of Android devices via WiFi can be decrypted, even if it uses HTTPS protocol for an additional layer of protection. So, Google has promised to fix this issue in next couple of weeks through a security update. Until then it is recommending all its Android OS users to avoid public WiFi services.
Note- Internet companies who sell internet-connected products like Linux, Windows, Android, Apple, OpenBSD, MediaTek, Linksys are all vulnerable to the said attack until their devices run on unpatched OS versions.
