Flaw in Wi-Fi security protocol puts millions of devices at risk
A Belgian researcher has discovered a vulnerability that hackers can use to steal and manipulate data.
A Belgian cybersecurity researcher has found a flaw that can be used to hack into any device that uses Wi-Fi. The flaw discovered by Marty Vanhoef of KU Leuven is so serious that the United States Department of Homeland Security has issued an official warning.
At the moment, Wi-Fi Protected Access 2 is the current industry standard that encrypts traffic on Wi-Fi networks and keeps hackers out, reported Wired. Vanhoef discovered that the flaw in WPA2’s cryptographic protocols could be exploited to read and steal data. He said that in certain situations hackers can either manipulate data on a Wi-Fi network or enter new data.
The weakness is present in the WPA2 protocol’s “four-way handshake”, which determines whether the credentials of a user attempting to join a network and the access point offering the network match. The procedure, Wired reported, also generates a new encryption key – the third in the four-step process – to protect the user’s session. The vulnerability allows a hacker to tamper with this third message and reinstall a cryptographic key that has already been used using what Vanhoef calls a Key Reinstallation Attack, or Krack.
The only limitation that a hacker faces is that he or she needs to be physically within the range of a particular Wi-Fi network to carry out the attacks.
Tech companies have rushed to fix this vulnerability. Microsoft has already issued a patch for Windows that fixes it, while Apple is going to roll out an update in a few weeks, reported CNET.