STATES CHRONICLE – Researchers have recently discovered a weakness in the WPA2 protocol. Any hacker within the Wi-Fi range of a device could exploit it. This way, private data such as e-mails, passwords, and other personal information were left unprotected. The exploit is known as the KRACK attack and could have easily inserted malicious content into devices without owners finding out about it.
Attackers Have to Be Within Wi-Fi Range to Penetrate Systems
The name comes from Key Reinstallation Attack. Experts were aware of this digital threat for some weeks now. However, they decided to find a solution before delivering the news to the world.
The scheduled announcement was set for 8 a.m. Monday, East Coast time. Nonetheless, Internet users uncovered the secret mission earlier on Sunday. They came across the threat on one of researchers’ Github account.
The hacking method works by attacking the core of the WPA2 protocol itself. It records better results when it comes to devices with Linux, Android, and OpenBSD. It can even inject malware in mobile terminals.
However, the Krack attack can cause a lot of damage for Windows and macOS as well. Thanks to this vulnerability, hackers can gain access to files that are usually encrypted by the Wi-Fi encryption protocol.
The Krack Attack Forces Nonce Reuse to Exploit the Third Part of a 4-Way Handshake
Hackers can penetrate the security layers by ‘forcing nonce reuse.’ Usually, WPA2 is in charge of protecting wi-fi networks. However, an attacker within the range of the Wi-Fi can initiate key reinstallation attacks. Through this technique, they can read sensitive data that people thought were safely encrypted.
The vulnerable point, in this case, is the four-way handshake that any consumer activates the moment they join a wireless platform. The third part of this protocol has the authority to resend a fresh encryption key if it doesn’t receive the right response. It can repeat the procedure for numerous times.
Therefore, a reinstallation is ordered, and the KRACK will make sure it takes full advantage of this moment. The attack forces the nonce reuse to let it bypass the encryption.
Experts Advise Users to Wait for a Patch or Rely on Trustworthy Protocols for Web Encryption
However, the threat wasn’t as dangerous as it was initially thought. The vulnerability is better suited to trap bigger fish such as corporations and government departments that accept connections from Android and Linux devices. However, attackers have to position themselves within Wi-Fi range in order to hack into the system.
Researchers advise users to stop using Wi-Fi connections until they receive a patch with a solution to Krack. If this step is impossible for some, they should make sure they use HTTPS, STARTTLS, Secure Shell, and other trustworthy protocols for Web encryption.
Image source: 1