Security flaw leaves all Wi-Fi traffic open to eavesdropping
KU Leuven researchers have discovered serious weaknesses in a protocol that secures all protected Wi-Fi networks. Attackers can exploit these flaws to steal credit card numbers, passwords, and other sensitive information. Researcher Mathy Vanhoef (Department of Computer Science / imec-DistriNet) detected the weakness by performing a novel type of attack against the so-called 4-way handshake of the WPA2 protocol, which secures all protected Wi-Fi networks.
Whenever someone joins a Wi-Fi network, it executes this 4-way handshake to produce a fresh encryption key for all subsequent traffic. To guarantee security, a key should be installed and used only once.
But in a key reinstallation attack (KRACK), attackers trick a victim into reinstalling an already-in-use key. As a result, they can steal sensitive information or, depending on the network configuration, inject malware into a website.
All modern protected Wi-Fi networks currently use the 4-way handshake. This means that all these networks are vulnerable, and that any device that uses Wi-Fi is most likely vulnerable.
Does that mean we should all change our Wi-Fi passwords? Vanhoef: “Changing the password of your Wi-Fi network does not prevent attacks. Instead, users have to update all their devices as soon as security updates becomes available.”
Featured products
MAX17793
Analog Devices Inc.
3V to 80V, 3A, High-Efficiency, Synchronous Step-Down DC-DC Converter
| SKU: | MAX17793 |
|---|---|
| Stock: | 9316 |
| Cost: | $3.64 |
MAX22516
Analog Devices Inc.
IO-Link Data Link Controller with Transceiver and Integrated DC-DC
| SKU: | MAX22516 |
|---|---|
| Stock: | 8000 |
| Cost: | $5.42 |
