Digital security researchers publicly reveal vulnerability in WPA2 WiFi protocol

On Monday, digital security researchers Mathy Vanhoef and Frank Piessens of Belgium's KU Leuven university publicly disclosed a security vulnerability in the WPA2 Wi-Fi (wireless local-area networking) protocol, which they called KRACK (for Key Reinstallation Attack). Their study claimed KRACK affects every modern device using Wi-Fi; it can be fixed by a software update.

USB wireless adapter. Image credit: Silverxxx/Wikipedia (CC BY 3.0)

Attackers can use this novel attack technique to read information that was previously assumed to be safely encrypted. This can be abused to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos and so on.

Vanhoef notified vendors about the flaw in July, including UNIX-like operating system OpenBSD. If your device supports Wi-Fi, it is most likely affected. In general, any data or information that the victim transmits can be decrypted.

The study papers, which were submitted for review on May 19, were kept in confidence allowing companies to fix the security flaw. The United States-based Computer Emergency Response Team (CERT) informed vendors on August 28. The Wi-Fi Alliance said it "could be resolved through a straightforward software update." OpenBSD released their software patch on August 30.

Exploring the flaw which affected every device the researchers had tested, National Cyber Security Centre of the UK said "the attacker would have to be physically close to the target". But due to this flaw, an attacker can send malware or ransomware on the websites.

Linux-based operating systems including Android v6.0 and higher are especially affected by this flaw, while Windows and iOS are not as vulnerable as Android by this flaw as they do not fully implement WPA2.

Microsoft reportedly has released security patches for Windows 7, 8, 8.1 and 10. Google said Android operating systems would receive the updates in the software update scheduled to be made available on November 6. Apple has implemented the patch in the beta versions of their operating system iOS, macOS, tvOS and watchOS, however it is yet to roll out patches for stable operating systems.

WPA2 protocol has been used for more than a decade, and has been compulsory for Wi-Fi since 2006. KRACK would also affect various home appliances which can be controlled over Wi-Fi, within the so-called "Internet of things". (Wikinews)

YOU MAY ALSO LIKE

Recurring Martian Streaks: Flowing Sand, Not Water?

Dark features on Mars previously considered evidence for subsurface flowing of water are interpreted by new research as granular flows, where grains of sand and dust slip downhill to make dark streaks, rather than the ground being darkened by seeping water.

Giant group of octopus moms discovered in the deep sea

We know more about the surface of the moon than we do about the bottom of the ocean. The seafloor is an alien landscape, with crushing pressures, near-total darkness and fluids wafting from cracks in the Earth's crust.

Researchers report rapid formation of new bird species in Galápagos islands

A study reported on formation of a new bird species on the Ecuadorean Galápagos Islands.

Middle Age Severely Obese People More Likely to Die Early

People who are severely obese in their middle age are fifty percent more likely to die early than those of a healthy weight, a study shows.

There May Be No Dark Matter, Dark Energy in Universe

Dark matter and dark energy may not actually exist, according to a study which suggests that accelerating expansion of the universe and the movement of the stars in the galaxies can be explained without these concepts.

New Appetite Control Mechanism Found in Brain

Over recent decades, our understanding of hunger has greatly increased, but this new discovery turns things on their head.