Microsoft already has a fix for the WPA2 vulnerability

Wifi WPA2 security cracked: Android & Linux most vulnerable, but iOS and macOS too [Video]

Android 6.0, Chromium and Android Wear 2.0 devices are particularly vulnerable to four-way handshake attacks-an attack actually causes the protocol to reinstall a predictable, all-zero key, making it trivial to decrypt the network's traffic. However, as per available indications, the researchers will be revealing some alarming facts about how vulnerable the latest security protocol is. "If your device supports Wi-Fi, it is most likely affected." So. "As a result, now 31.2 percent of Android devices are vulnerable to this exceptionally devastating variant of our attack".

The US-CERT has warned of several key management vulnerabilities in WPA2 security protocol that may affect all Wi-Fi devices.

Mr Liverpool has outlined how serious the threat is that we are now facing, furnishing users with some basic tips to bear in mind so as to be proactive in maintaining security. Google says it is working on a patch, and Microsoft says it's already released a security update to fix the issue. It should be noted that the KRACK attack does not help attackers recover the targeted WiFi's password; instead, it allows them to decrypt WiFi users' data without cracking or knowing the actual password.So merely changing your Wi-Fi network password does not prevent (or mitigate) KRACK attack.

As plainly put, a bug affectionately called KRACK (Key Reinstallation Attack) has put nearly every modern Wi-Fi enabled device and content at risk of being decrypted by hackers.

A "severe" security flaw with home WiFi networks has been reported that potentially puts anyone using a wireless router at risk of being hacked. An attacker could now read all information passing over any wifi network secured by WPA2, which is most routers, both public and private. "This can be abused to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos and so on".

Using what Vanheuf calls a Key Reinstallation AttaCKs (KRACKs), he showed how someone could get data from an Android device by tricking the user into installing an old key.

Microsoft says it has already fixed the problem for customers running supported versions of Windows. VPN and other security technologies can offer protection to connection pending the availability of software update, according to preliminary analysis by one security researcher.

On a positive note, remote attacks using this exploit alone are impossible as the hacker would need to be in physical proximity to the router Alan Woodward, encryption expert from the University of Surrey explained that the attack is not scalable: "It's a very targeted attack".

Normally, WPA2 keys require a unique encryption key for each network frame. Also, a security update on either side of the handshake communication can ensure that keys are not reused. Those tools may emerge sooner rather than later, so if you're super concerned about this attack and updates are not yet available for your devices, perhaps the best approach in the short run is to connect any devices on your network to the router via an ethernet cable (assuming your device still has an ethernet port).

Related:

Comments

Latest news

#MeToo: Social media posts show how many are impacted by sexual assault
Milano joined in the boycott, tweeting that Friday would be the first day in over 10 years that she wouldn't tweet. "If you've been sexually harassed or assaulted write "me too " as a reply to this tweet ", Milano wrote.

Indian football team gains two places in FIFA rankings
Joining Northern Ireland and the Republic of Ireland in the draw are: Sweden , Switzerland, Denmark, Italy, Greece and Croatia . Slovakia, as the worst-ranked second-placed team, miss out.

Kellyanne Conway is terrifying as Kellywise the Clown on 'SNL'
He soon finds himself confronted with " Kellywise the Clown" in a sewer outside, mirroring the horror film's opening sequence. And yet - as in the skit - Cooper and Maddow are often just too tempted by the ratings draw to resist.

Next Weeks Broker Price Targets For Coca-Cola Bottling Co. Consolidated (NASDAQ:COKE)
Feltz Wealth PLAN Inc. acquired a new position in shares of Coca-Cola Company (The) in the 1st quarter valued at about $150,000. It also upped Ishares Tr (IJR) stake by 34,713 shares and now owns 168,550 shares. 85,472 are held by Asset Mgmt One Ltd.

Other news