Large Number Of Android Devices Vulnerable To Wi-Fi Attack
A new, widespread vulnerability affecting Android and Linux-based devices has been discovered by researchers. The new exploit can allow attackers to read Wi-Fi traffic between devices and wireless access points and potentially look at everything people are doing online.
Mathy Vanhoef, a researcher at the Belgian university KU Leuven, released information about the vulnerability. He dubbed it KRACK, for Key Reinstallation Attack, and his description of the hack was shocking, to say the least.
"This can be abused to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos, and so on," he said. "The attack works against all modern protected Wi-Fi networks."
Vanhoef added that, depending on the network configuration, it is also possible to inject and manipulate data. One way attackers could use this is to inject ransomware or other malware into websites.
The vulnerability appears to be in the Wi-Fi standard itself, affecting a core encryption protocol, Wi-Fi Protected Access 2 (WPA2), which most Wi-Fi users rely on to keep their web use hidden and secret from others. Using KRACK, a hacker can trick a victim into reinstalling an already-in-use key, which renders the encryption useless and allows messages to be silently intercepted.
The researchers found that the attack was particularly severe for Android and Linux users. This is mainly due to the operating system using what's known as an "all-zero encryption key", which makes it easier for an attacker to intercept traffic just by forcing a reinstallation.
For now, the only thing users can do is to be wary of using Wi-Fi, particularly public networks. This applies until patches are rolled out to remedy this particular vulnerability.
There might also be some action to fix the weakness in the WPA2 encryption protocol, which is currently the universal standard. Vanhoef suggests getting devices patched as soon as updates are available, which shouldn't take long, as manufacturers have already taken notice.