Wi-fi WPA2 Security Broken

Posted: Oct 16 2017, 4:26am CDT | by , in News | Technology News

 
Wi-fi WPA2 Security Broken
Photo Credit: Getty Images

Researchers broke the WPA2 protocol with KRACK attack.

Our Wi-fi connections are insecure. Belgian researchers will reveal a vulnerability that allows attackers to decrypt and hijack your WPA2 protocol wireless connection. The details of the WPA2 hack are going to be released on Monday. A presentation for the upcoming ACM Conference on Computer and Communications Security end of the month gives some hints.

Update: The paper "Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2" has been published on Mathy Vanhoef's site. The krackattacks.com site is also live with the details on the Krack attack.

Do not switch to WEP, because of the WPA2 issue. WEP is totally weak and can be hacked. The first vendors of Wi-fi equipement have issued patches. The security hole can be fixed with a new firmware.

The paper is titled Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2 and is part of the ACM session titled Crypto Pitfalls. Authors on the paper are Mathy Vanhoef and Frank Piessens from KU Leuven.

The researchers published last year a paper titled "Predicting, Decrypting, and Abusing WPA2/802.11 Group Keys." The core problem for that security problem of Wi-Fi was the 802.11 random number generator allowing predicting its output including the group key. The paper shows how a downgrade-style attack against the 4-way handshake works. The researchers also propose the solution to fix the vulnerability with the random number generator based on randomness extracted from the wireless channel.

Now apparently the researchers found new issues that break WPA2 security. There is no official reveal of the findings yet. A website with domain name krackattacks.com is expected to host the details about the Wi-if attack. It is not known at this point if governments or cyber attackers have known about the KRACK attack and have used it.

The vulnerability is likely during the handshake sequence WPA2 uses to choose encryption keys for a session between client and base station according to TheRegister. This is no small problem. There will be at least 10 Common Vulnerabilities and Exposures (CVE) to be filed in relation to Krack Attack. The reserved numbers include CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13084, CVE-2017-13086, CVE-2017-13087, and CVE-2017-13088.

This means that you can't rely on WPA2 encryption for Wi-Fi connections. Wi-Fi equipment makers will have to upgrade their systems with new firmware to close the vulnerability. In the meantime, it is time to go back to Ethernet cables.

This story may contain affiliate links.

This free App Solves You Holiday Shopping Problem


Download the free Tracker app now to get in-stock alerts on Fingerling, Luvabella, SNES Classic and more.

Latest News

Comments

The Author

<a href="/latest_stories/all/all/2" rel="author">Luigi Lugmayr</a>
Luigi Lugmayr () is the founding chief Editor of I4U News and brings over 15 years experience in the technology field to the ever evolving and exciting world of gadgets. He started I4U News back in 2000 and evolved it into vibrant technology magazine.
Luigi can be contacted directly at ml@i4u.com.

 

 

Advertisement

comments powered by Disqus