A recent weakness has been discovered in the WPA2 Wi-Fi protocol.
Attackers are using a method called KRACK (Key Reinstallation Attack) to exploit the weakness on a wide range of devices.
The attack works against all WPA2 Wi-Fi protected networks and can even lead to data injection and manipulation.
This poses a serious threat as attackers can use this weakness in WPA2 to steal information such as passwords, credit cards, emails, and more.
Common affected devices include Linux, Apple, Windows, & Linksys.
It is highly recommended to check for any firmware updates for owned devices.
Refer to this link to check for affected devices: Computer and Communications Security (CCS)
The following video explains in depth how to KRACK attack works against an android smartphone.
Linux , Android, & Mac devices seem to be most vulnerable to this attack due to a bug that allows the devices to install an all-zero key.
If you are the owner of an affected device, it is recommended to check for software patches and firmware updates and to implement the use of a VPN (Virtual Private Network).
A VPN can render this attack useless or ineffective by encrypting all network traffic or data in a VPN tunnel. If connected to a public Wi-Fi, a VPN should be used regardless of the security type of the network.
Windows has released an update to protect their customers as of October 10th of 2017.
Google has published a patch for Google Pixel and Nexus android devices as of November 7th, 2017.
Other Android and linux devices still remain vulnerable at this time.
If you are using an android smartphone, it is suggested to not use public wireless networks unless browsing with a VPN or to just stick with your mobile network until a patch is released.
More information on the KRACK attack and the tools used can be found by following the links below.
Click the button below to get started with a free consultation from Ethical Tech. Learn how you can better protect your network from attacks like these!