There is yet another reason to worry about personal privacy in the digital world. Research findings released last week revealed that hackers have exploited a vulnerability in the security protocol that defends modern Wi-Fi networks. The so-called KRACK exploit could expose as many as 50 percent of Android devices to an “exceptionally devastating” attack, and Linux, Apple, Windows, Linksys, and other devices are also vulnerable to variants of the attack.
The tremendous vulnerability was discovered by Mathy Vanhoef, a researcher at imec-DistriNet, KU Leuven, a university in Belgium, and some of his colleagues. “We discovered serious weaknesses in WPA2, a protocol that secures all modern protected Wi-Fi networks,” he said on the krackattacks.com website. “An attacker within range of a victim can exploit these weaknesses using key reinstallation attacks (KRACKs).”
According to Vanhoef, attackers can use this novel attack technique to read information that was previously thought to be safely encrypted. “This can be abused to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos, and so on,” he added.
Further, the attack works against all modern protected Wi-Fi networks, the researcher emphasized. “Note that if your device supports Wi-Fi, it is most likely affected,” he said. “Depending on the network configuration, it is also possible to inject and manipulate data,” Vanhoef explained. For instance, an attacker could inject ransomware or other malware into websites.
“The weaknesses are in the Wi-Fi standard itself, and not in individual products or implementations,” the researcher continued. What should people do? “Changing the password of your Wi-Fi network does not prevent (or mitigate) the attack. So you do not have to update the password of your Wi-Fi network,” said Vanhoef. “Instead, you should make sure all your devices are updated, and you should also update the firmware of your router.”