Photo credit: tekgyd.com

As you are reading this at home, it is possible that your router is being hacked at this moment. Experts have found a massive flaw in Wi-Fi protection which can let cyber criminals follow your every move and even install malicious software.

The fault is called KRACK, which is short for Key Reinstallation Attacks. Computer experts have been able to crack this code which is used to generate WPA2 encryption keys. Any hacker within physical range of that router can then exploit the flaw.

KRACK targets a process which in computer terms is called a handshake, an automated negotiation that happens between devices on a same network. This handshaking establishes the rules of communication between a 'foreign' device (for example a printer, another server or a smartphone) and the router.

The foreign device is then asked by the router to agree to the rules which are established by this handshake, and after it accepts, it can establish a connection with the home network. It is at this point in time, which only last for a few nanoseconds, that KRACK can bypass the handshake and enter connection with the router.

Any smart device connected to the router (GPS, baby monitor, security cameras, etc.) is also vulnerable.

In a written statement, the researchers of the Belgian university KU Leuven that made the discovery, said: “We discovered serious weaknesses in WPA2, a protocol that secures all modern protected Wi-Fi networks. An attacker within range of a victim can exploit these weaknesses using key reinstallation attacks. Attackers can use this novel attack technique to read information that was previously assumed to be safely encrypted. This can be abused to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos, and so on.”

The full findings of the KU Leuven team are to be presented during the ACM Conference on Computer and Communications Security in Dallas next month.

Source:

https://arstechnica.com/information-technology/2017/10/severe-flaw-in-wpa2-protocol-leaves-wi-fi-traffic-open-to-eavesdropping/