Major security flaw detected in Wi-Fi WPA2 protocol

Almost every Wi-Fi connection is vulnerable

WPA2 protocol, thought as the most secure, is, in fact, the most vulnerable.

If you are using Wi-FI connection, secured by WPA2 protocol, you are likely to be one of the millions of fellow Internet users, who are unaware that they are exposed to cyber assault. It does not matter whether you are sharing the Internet network with roommates or using the net alone, your Internet connection might be assaulted by cyber felons. Regardless whether you made up a complex 13-character passcode for the network, the vulnerability lies elsewhere – in WPA2 protocol.

Easy access to users’ personal data

Wi-FI Protected Access 2[1] or WPA2, in short, has been a security standard for almost every Internet network for a while. It was designed to encrypt network’s traffic to hide it from unauthorized access. Considered to be a crucial security guarantor, it has been implemented by every Wi-Fi service provider. However, what was regarded as most secure, turned out to be most vulnerable.

The vulnerability has been named as KRACK[2]. With the help of four-way handshake technique, a cyber villain connects to the target's Wi-Fi network. The technique deceives the victim into installing an identical already-in-use key.

As a result, all packet numbers with a cryptographic nonce are reset. Consequently, such intervention grants the felon to bypass the encryption. Consequently, they can manipulate victim’s internet traffic and divert them to a non-secure version of the same website which contained HTTPS indicator prior the infiltration.

Plans for the update

In short, after gaining access to the victim’s network, a cyber crook can deceive the user into visiting exploit kit or ransomware-laden websites, let alone stealing sensitive data, such as bank credentials and email account passwords.

The vulnerability has come into daylight on Monday, October 16. Internet service providers, as well as major corporations, have been already informed.

However, there is one major weakness in KRACK technique. A perpetrator has to be near their potential victims in order to carry out the attack. While the virtual community is developing countermeasures and the update implementation plans, users still have the last straw of hope – accessing websites with HTTPS protocol should prevent them from getting affected.

Companies, as well as home users, are advised to update the software as well as the firmware of their rooters. However, the latter aspect is especially tricky when it comes to IoS devices. Let alone users themselves fail to install the updates right after the release, Wi-FI supported IoS devices often are unsupported by the manufacturers[3].

While Android and Linux users are said to be especially vulnerable to the attack, iOS and Mac users should be vigilant as well.[4]

About the author
Lucia Danes
Lucia Danes - Virus researcher

Lucia is a News Editor for 2spyware. She has a long experience working in malware and technology fields.

Contact Lucia Danes
About the company Esolutions