Security researchers from Belgian University KU Leuven revealed a key reinstallation attack vulnerability in the WPA2 Wi-Fi protocol. Using this flaw an attacker within range of a person logged onto a wireless network could use key reinstallation attacks to bypass WPA2 network security and read information that should have been securely encrypted. What are the possible consequences of this revelation and how end users can protect themselves?
Is Everything That Bad?
The short answer is ‘yes’. The vulnerabilities in WPA2 discovered by the researchers could potentially affect every Wi-Fi router, PC and mobile phone, since the flaws are in the Wi-Fi encryption protocol, and not specific to any device or other piece of hardware.
With this vulnerability, hackers can intercept any data a user types in after connecting to a Wi-Fi access point. That includes access credentials for email, websites and online banking resources, as well as credit card information, private messages and correspondence. Malicious actors can decrypt ALL traffic and read ALL of the information transmitted.
To take advantage of these flaws, a malicious actor would first need to be in close physical proximity to a vulnerable device. Then, they can exploit the WPA2 flaws to eavesdrop on network traffic, steal data such as credit card numbers, emails, passwords and more, or even hijack connections and inject malware into websites. Moreover, hackers are able not only to steal data but to actively attack users — spreading malware, including crypto lockers by injecting their code into HTTP traffic.
How To Protect Yourself
All users must install the appropriate security updates as soon as vendors release them. If updates are not available yet, use a VPN as a temporary security measure. This will reduce the likelihood of an attack being successful.
Another option is to use only HTTPS protected websites — KRACK attack does not allow cybercriminals to decrypt encrypted HTTPS traffic. In order to do this hackers would need to use more sophisticated tools and attack methods which could be spotted by any users that are aware of basic information security measures.
Author: Leigh-Anne Galloway, Cyber Security Resilience Lead at Positive Technologies