Wi-Fi flaw could leave your router wide open to attack

Illustrator by Alex Castro  The Verge

Illustrator by Alex Castro The Verge

The warning issued is stark, saying that nearly all implementations are affected.

The research paper can be downloaded from here (PDF), additional information on the vulnerability and the researchers on the Krack Attacks website. The researchers presenting the talk are Mathy Vanhoef and Frank Piessens of KU Leuven and imec-DistriNet, Maliheh Shirvanian and Nitesh Saxena of the University of Alabama at Birmingham, Yong Li of Huawei Technologies in Düsseldorf, Germany, and Sven Schäge of Ruhr-Universität Bochum in Germany.

"Free Software community has a wide range of networking software that enables manipulation of Wi-Fi traffic".

An attacker can force these nonce resets by collecting and replaying retransmissions of message three of the 4-way handshake.

Attackers create a script that finds a WPA2 network, then make a carbon copy of it and change the WiFi channel.

Android, Linux, Apple, Windows, OpenBSD, MediaTek, Linksys, and others, are all affected by some variant of the attacks. Each time it receives this message, it will reinstall the same encryption key, and thereby reset the incremental transmit packet number (nonce) and receive replay counter used by the encryption protocol. "Essentially, to guarantee security, a key should only be installed and used once".

In the attack the encryption of a WPA2 connection is simply bypassed.

#MeToo: Twitter trembles as women share their sexual harassment stories
Celebrities and government officials were not the only women who joined the movement. On Sunday afternoon, Milano took to Twitter to announce an idea a friend gave her.

China understands that India is no more weak: Rajnath
India and China were recently involved in a 72-day standoff in Doklam, a Himalayan plateau at their tri-junction with Bhutan. The Union home minister also took the opportunity to slam Pakistan for "sending terrorists" to India.

WWE signs first female Arab wrestler
She will be joined by the WWE's first ever Middle-Eastern female wrestler, Shadia Bseiso from Jordan. Salwar kameez clad Kavita whose videos took internet by storm hails from Haryana.

The main flaw the researchers discovered affects the key, and is achieved by "manipulating and replying cryptographic handshake messages". The attack includes the but is not limited to recovering login credentials (ie, email addresses and passwords).

The vulnerability allows criminals to hack into a password-protected network.

However, those sites without HTTPS should probably be considered insecure and any data going to them across a Wi-Fi connection lacks the additional encryption and is likely open to interception.

US-CERT (Computer Emergency Readiness Team) has already issued an advisory that warns: "US-CERT has become aware of several key management vulnerabilities in the four-way handshake of the Wi-Fi Protected Access II (WPA2) security protocol".

It's worth noting that for hackers to exploit the vulnerability they need to be in close proximity to the Wi-Fi connection they're targeting, though some connections have pretty strong signals meaning a hacker could theoretically access your Wi-Fi connection from across the road or from an neighbouring house.

If you're anxious about your security, various solutions can help you mitigate the problem while you wait for hardware companies to update router firmware. However, older devices do not get the latest security updates anymore and are likely to be vulnerable. "Here, they may go through the same procedure; too many people never check or implement router updates as it's something often too complicated for the home user to be involved in".

Latest News