WARNING WI-FI | Every Wi-Fi device you own: almost ALL phones, tablets and PCs vulnerable to this devastating cyberattack

Tuesday 17 October 2017

Wi-Fi WARNING - Almost all devices vulnerable to hackers

HACKERS can target almost ANY smart device around the world thanks to a vulnerability in WPA2 Wi-Fi security. Here's everything you should know about this threat.

A severe weakness discovered in the WPA2 Wi-Fi protocol means all of your internet-connected devices—laptops, smartphones, tablets, TVs, and more—are vulnerable to a devastating attack.

The vulnerability in the WPA2 security protocol leaves virtually everyone who connects to the internet via Wi-Fi at risk of devastating attacks that can reveal everything you do online as well as your most sensitive personal information.

Apple iOS, Windows, Android and any smart device that uses Wi-Fi are all at risk of an attack, cybersecurity experts have warned today.

The newly discovered KRACK exploit affects the WPA2 security protocol, a standard for Wi-Fi security used on almost every Wi-Fi router.

Attackers in range of your devices can use Key Reinstallation Attacks, or KRACKs, to steal your credit card numbers, passwords, chat messages, emails, photos, and other personal information previously thought to be safely encrypted. The vulnerability also lets attackers inject and manipulate data by adding ransomware or malware onto a website. The flaws were found in the protocols that secure all modern WiFi networks, which means it doesn’t only impact specific products, but every device capable of connecting to WiFi.
“The attack works against all modern protected Wi-Fi networks,” Mathy Vanhoef, one of the KU Leuven University researchers who discovered the WPA2 vulnerability, wrote.

The attack can break into a network by exploiting the four-way “handshake” that’s used to create a key for encrypting traffic. Researchers found that an attacker can force key resets by collecting and replaying transmissions of the third message of the handshake, effectively breaking down the encryption protocol. This is the first attack on the Wi-Fi protocol that doesn’t involve password guessing. It’s important to note that while the attack allows hackers to eavesdrop on traffic flowing from your router, it can’t be used to take over the device.
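To show why a forced key reset matters and what a patch changes, here is a simplified model added for illustration (it is not code from the researchers or from any vendor). The `Client` class, the SHA-256 toy keystream and all sample values are assumptions; a real WPA2 client uses a different cipher, but the counter-reset behaviour is the point.

```python
import hashlib

def keystream(key: bytes, nonce: int, length: int) -> bytes:
    """Toy per-packet keystream (SHA-256 based); a stand-in, not WPA2's real cipher."""
    out, block = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce.to_bytes(8, "big") + block.to_bytes(4, "big")).digest()
        block += 1
    return out[:length]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

class Client:
    """Hypothetical Wi-Fi client model: holds a session key and a packet counter."""
    def __init__(self, patched: bool):
        self.patched = patched
        self.key = None
        self.nonce = 0

    def on_message3(self, key: bytes) -> bool:
        """Handle handshake message 3; returns True if the key was (re)installed."""
        if self.patched and key == self.key:
            return False                  # key already in use: keep the counter
        self.key, self.nonce = key, 0     # installing the key resets the counter
        return True

    def send(self, plaintext: bytes):
        self.nonce += 1
        return self.nonce, xor(plaintext, keystream(self.key, self.nonce, len(plaintext)))

def replay_scenario(patched: bool):
    """Client sends a frame, sees message 3 again, then sends another frame."""
    key = b"constructed-session-key"      # constructed sample values
    p1, p2 = b"first sample frame!", b"second sample frame"
    client = Client(patched)
    client.on_message3(key)
    n1, c1 = client.send(p1)
    client.on_message3(key)               # the same message 3 arrives a second time
    n2, c2 = client.send(p2)
    # If the same key and counter encrypt both frames, the keystream cancels
    # out and the two ciphertexts alone reveal p1 XOR p2.
    leaks = xor(c1, c2) == xor(p1, p2)
    return n1, n2, leaks

if __name__ == "__main__":
    print("unpatched:", replay_scenario(False))
    print("patched:  ", replay_scenario(True))
```

The unpatched client encrypts both frames with counter value 1, while the patched client ignores the repeated message and moves on to counter value 2.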

Variants of the attack affect Android, Linux, Apple, Windows, OpenBSD, MediaTek, Linksys, and other companies who sell internet-connected products. The security researchers who found the flaw say devices running unpatched versions of Android and Linux are vulnerable to a particularly “catastrophic” attack.

Several companies have already issued patches that fix the Wi-Fi vulnerability.

Microsoft told Forbes that all users who manually apply the latest update or have automatic updates enabled are protected.

Apple has not commented on whether its latest versions of macOS and iOS are vulnerable.

Google promised a fix for its devices “in the coming weeks.” Until then, we recommend you avoid connecting to public Wi-Fi.

All data transmitted from 41 percent of existing Android devices via Wi-Fi can be decrypted, even if a website uses HTTPS protocol for an additional layer of protection.
The best way to protect yourself against this widespread vulnerability is to update all of your devices when a solution becomes available. That includes your gadgets and Wi-Fi access points. The Wi-Fi Alliance, a governing body that sets the standards for WiFi, will work with device vendors to make sure they update their products with the latest software. A broad notification to vendors of affected devices was sent out on August 28.

It’s not clear if the WiFi flaw is actively being exploited in the wild.

In theory it allows a hacker within range of a Wi-Fi network to read passwords, credit card numbers and photos sent over the internet.  

Other sensitive information that can be obtained thanks to this exploit is chat app messages and e-mails.

The WPA2 Wi-Fi vulnerability has been a closely guarded secret for weeks, with today’s revelations a co-ordinated disclosure.

The terrifying exploit was unearthed by researchers led by Mathy Vanhoef from the Belgian university KU Leuven.

The experts, after discovering the exploit, carried out a “proof-of-concept” attack on an Android smartphone to learn more about the vulnerability.

Vanhoef said the attack would work against “all modern protected Wi-Fi networks” and “if your device supports Wi-Fi, it is most likely affected”.

In the paper on the Krack Attacks website, the researchers said: "All protected Wi-Fi networks use the four-way handshake to generate a fresh session key and so far this 14-year-old handshake has remained free from attack.

"Every Wi-Fi device is vulnerable to some variants of our attacks."
Vanhoef and his team said the KRACK attack is “exceptionally devastating” against Android 6.0.

Most modern Wi-Fi networks have traffic encrypted by either the WPA or WPA-2 protocols.

These have existed since 2003 and until now have never been broken.

When a user connects to a secure network, a four-way “handshake” takes place between a device and a router.

This is to ensure that no one can decrypt the traffic, but Vanhoef’s team discovered a way to install a new key during the third step of the process.

This exploit lets hackers gain access to data transmitted over a network which can be stolen, or used to carry out a cyber attack.

The US Government has also today issued a warning about the KRACK attack, saying anyone using the WPA2 standard is probably compromised.

The security alert about the flaw came from the US Computer Emergency Readiness Team (Cert).

They said: "US-Cert has become aware of several key management vulnerabilities in the four-way handshake of wi-fi protected access II (WPA2) security protocol.

"Most or all correct implementations of the standard will be affected."

Security researchers have said that changing your Wi-Fi password will NOT help prevent attacks.

However, it’s to be expected that patches for devices will be issued in the coming weeks to protect against this vulnerability.

So it’s worth updating router firmware and all devices to the latest patches available.

Also, seeing as access points for the general public aren’t likely to be patched quickly, it’s worth avoiding Wi-Fi whenever possible.

Ars Technica, who first reported on the KRACK flaw, gave advice about what to do when Wi-Fi is the only connection option available.

If that’s the case, people should use HTTPS, STARTTLS, Secure Shell or other protocols to encrypt web and e-mail traffic.

As a fall-back plan, users should consider using a virtual private network as an extra safety measure. 

But make sure you choose your VPN providers carefully.

Simon Migliano, Head of Research, Top10VPN.com, said: “Now that Wi-Fi security has been compromised, using any kind of shared network now severely risks your privacy - even if it is password-protected. 

“When you connect to the Wi-Fi in your local coffee shop or the airport, it’s now much easier for hackers to force you onto a cloned network that they control without you realising anything has happened.

“With your internet traffic now exposed, it’s easy for hackers to steal your personal information. 

“Even encrypted sites on HTTPS are not necessarily safe as in this kind of man-in-the-middle attack, hackers can neutralise the security from such sites allowing interception of log-in credentials.

“They can also force you onto cloned versions of the websites you visit in order to capture your information - all without you realising anything suspicious is happening.”