All WiFi users open to malware attack through WPA2 glitch

Hopefully by now everybody has ensured that their home wireless network and devices are all connected using the latest Wi-Fi Protected Access II (WPA2) method of encryption, which has so far served us all well.

Reusing or recycling a nonce allows the attacker to decrypt and forge packets of information within the traffic stream, exposing user activity and data. According to a report by Ars Technica, the researchers have indexed the security flaws as, "CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13084, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088".
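Why nonce reuse matters, as an added example that is not from the article or the researchers: a toy stream cipher (SHA-256 in counter mode, standing in for WPA2's real cipher) shows that two frames encrypted under the same key and nonce share a keystream, and a simple check flags the reuse. The `Sender` class, the helper names and all sample values are assumptions constructed for illustration.

```python
import hashlib

def keystream(key: bytes, nonce: int, n: int) -> bytes:
    """Toy keystream: SHA-256 in counter mode (stand-in, not WPA2's real cipher)."""
    out, block = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce.to_bytes(8, "big") + block.to_bytes(4, "big")).digest()
        block += 1
    return out[:n]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

class Sender:
    """Hypothetical client that numbers each frame with an incrementing nonce."""
    def __init__(self, key: bytes):
        self.install_key(key)

    def install_key(self, key: bytes) -> None:
        # Installing a key resets the nonce counter; installing the SAME key
        # again is what makes old nonces come back.
        self.key, self.nonce = key, 0

    def send(self, plaintext: bytes):
        self.nonce += 1
        return self.nonce, xor(plaintext, keystream(self.key, self.nonce, len(plaintext)))

def recover(c_known: bytes, p_known: bytes, c_other: bytes) -> bytes:
    # Same key + same nonce => same keystream, so a frame with known content
    # exposes the keystream and therefore the other frame.
    return xor(xor(c_known, p_known), c_other)

def reused_nonces(frames) -> list:
    """Defensive check: nonces that appear more than once under one key."""
    seen, dups = set(), []
    for nonce, _ in frames:
        if nonce in seen:
            dups.append(nonce)
        seen.add(nonce)
    return dups

def demo():
    key = b"constructed-session-key"          # constructed sample value
    known = b"GET /index.html HTTP/1.1"       # predictable traffic
    secret = b"user=alice&pin=4921"           # constructed sample value
    s = Sender(key)
    f1 = s.send(known)
    s.install_key(key)                        # key reinstalled, counter back to 0
    f2 = s.send(secret)
    return recover(f1[1], known, f2[1]), reused_nonces([f1, f2])

if __name__ == "__main__":
    print(demo())
```

A patched client refuses to reinstall a key it is already using, so the counter never goes back and `reused_nonces` stays empty.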

The site adds that even though the likes of Aruba and Ubiquiti have updates available to mitigate these vulnerabilities, a large number of Wi-Fi devices may not be patched in time, or at all, by their makers. The interesting thing about this is that it affects devices running Android Marshmallow 6.0 or higher.

Anyway, if you've not heard, a security researcher today disclosed a massive vulnerability in the WPA2 security protocol that is used to encrypt Wi-Fi traffic.

Devices using end-to-end encryption, such as on websites using HTTPS, would still have that encrypted protection - meaning the eavesdropper would not be able to read that information. For example, a message sent from your phone to a network could be played, or a video that your security camera sent to the network could be played, and all modems are affected.

Instead, users will be at the mercy of hardware manufacturers, who will now need to patch software that you as a user will likely need to install. The Key Reinstallation Attacks allow anyone in close physical proximity to gain access.

"The vulnerability is serious, but to exploit it the criminal has to be physically near the computer they want to attack", said Dr Murdoch.

The United States Computer Emergency Readiness Team issued a warning about KRACK on Sunday, and Britain's National Cyber Security Centre says it is investigating the weakness. Those tools may emerge sooner rather than later, so if you're super concerned about this attack and updates are not yet available for your devices, perhaps the best approach in the short run is to connect any devices on your network to the router via an Ethernet cable (assuming your device still has an Ethernet port).

The attack is known as KRACK - after "key reinstallation attacks" - and it exploits the "four-way handshake" protocol used by WPA2 as a means of secure authentication. The vulnerability can also be put to use to inject malware or ransomware into systems as well, which underscores a huge risk that both corporates and domestic users face in the aftermath of the discovery of the security flaw. If you've got automatic updates enabled, you should be good to go. This results in the encryption key being rewritten to all-zeros, which makes it trivial to hack.

Resolving the security problem is likely to involve applying security updates to routers, something history shows is a problematic process. "So you do not have to update the password of your Wi-Fi network", the researchers say.