KRACK: Wi-Fi security flaw can let cybercriminals hijack your device

The loophole can potentially allow hackers to snoop on or take over millions of devices which use Wi-Fi.

By: AGENCE FRANCE-PRESSE
| Updated on: Oct 16 2017, 20:15 IST
New security loophole allows cybercriminals to hijack devices using wireless networks.
New security loophole allows cybercriminals to hijack devices using wireless networks. (Getty Images/iStockphoto)

The US government's Computer Emergency Response Team on Monday issued an alert about a critical security flaw in Wi-Fi encryption protocol that can help cybercriminals to eavesdrop on or hijack devices using wireless networks.

The agency, part of the Department of Homeland Security, said the flaw was discovered by researchers at the Belgian university KU Leuven.

You may be interested in

MobilesTablets Laptops
27% OFF
Samsung Galaxy S23 Ultra 5G
  • Green
  • 12 GB RAM
  • 256 GB Storage
Google Pixel 8 Pro
  • Obsidian
  • 12 GB RAM
  • 128 GB Storage
Vivo X100 Pro 5G
  • Asteroid Black
  • 16 GB RAM
  • 512 GB Storage
Apple iPhone 15 Plus
  • Black
  • 6 GB RAM
  • 128 GB Storage

According to the news site Ars Technica, the discovery was a closely guarded secret for weeks to allow Wi-Fi systems to develop security patches. Attackers can exploit the flaw in WPA2 -- the name for the encryption protocol -- "to read information that was previously assumed to be safely encrypted," said a blog post by KU Leuven researchers.

Also read
Looking for a smartphone? To check mobile finder click here.

"This can be abused to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos, and so on. The attack works against all modern protected Wi-Fi networks.

"Depending on the network configuration, it is also possible to inject and manipulate data. For example, an attacker might be able to inject ransomware or other malware into websites."

The flaw was dubbed KRACK for Key Reinstallation AttaCK because it allows attackers to insert a new "key" on a Wi-Fi connection that keeps data private. Security researchers said the newly discovered flaw was serious because of the ubiquity of Wi-Fi and the difficulty in patching millions of access points.

"Wow. Everyone needs to be afraid," said Rob Graham of Errata Security in a blog post.

"It means in practice, attackers can decrypt a lot of Wi-Fi traffic, with varying levels of difficulty depending on your precise network setup." The Wi-Fi Alliance, an industry group which sets standards for wireless connections, said computer users should not panic.

"There is no evidence that the vulnerability has been exploited maliciously, and Wi-Fi Alliance has taken immediate steps to ensure users can continue to count on Wi-Fi to deliver strong security protections," the group said in a statement.

"Wi-Fi Alliance now requires testing for this vulnerability within our global certification lab network and has provided a vulnerability detection tool for use by any Wi-Fi Alliance member."

Catch all the Latest Tech News, Mobile News, Laptop News, Gaming news, Wearables News , How To News, also keep up with us on Whatsapp channel,Twitter, Facebook, Google News, and Instagram. For our latest videos, subscribe to our YouTube channel.

First Published Date: 16 Oct, 20:14 IST
NEXT ARTICLE BEGINS