A new cyber threat emerged recently, and it puts any person using a wireless network, even one with a secure password, at risk of being hacked.
The bug, called KRACK (Key Reinstallation Attack), is essentially a fundamental flaw in the WPA2 (Wi-Fi Protected Access 2) encryption that is used on all modern Wi-Fi routers. This security protocol, an upgrade from WEP, is used to secure communication between all the players in a network – routers, mobile devices, the Internet of Things. The issue in question with this threat is a flaw in the four-way handshake that permits devices using a pre-shared password to join a wi-fi network.
It gives anyone with malicious intent, and the physical proximity to the network, the ability to hack into a device that’s logged in to the system. They can then exploit that flaw to decrypt traffic like credit card information, hijack connections and passwords, and eavesdrop on communications sent from that WPA2-enabled device.
Vendors have been in the know about this for a while, and most have rushed into action to prepare patches and prevent masse exploitation of the bug. So far, so good.
But this newest vulnerability – one that could potentially affect millions of casual users at the local coffeeshop or restaurant – simply points out the fact that cyberthreats will never be eradicated. As soon as one issue is resolved, cybercriminals will be searching for the next flaw, bug or vulnerability to attack.
So how can we stay protected? Staying on top of security measures is imperative: