A security flaw can let anyone in the vicinity of a WPA2 router keep tabs on users' online activities, steal personal data and even inject malware.
A severe security flaw has put at risk data transmitted over Wi-Fi all over the world. The exploit, named KRACK (Key Reinstallation Attacks), affects the Wi-Fi Protected Access II (WPA2) protocol and makes it possible for anyone within physical proximity of a WPA2-enabled Wi-Fi router to keep tabs on a user's every online move.
It is not only users' online records that are at risk: hackers also get to watch online transactions, including bank or credit card details. The vulnerability can also be used to inject malware or ransomware into systems, which underscores the huge risk that both corporate and home users face in the aftermath of the discovery of the security flaw.
In fact, the scope for misuse of the flaw is almost endless given the ever-widening use of wireless internet in most spheres of our lives. That includes smart baby monitors and security cameras, which can also be hacked to show erroneous results.
Researchers who discovered the flaw said it has to do with the four-way handshake that creates the key for encrypting data traffic. What has come to the fore is that the key can be sent multiple times during the third step. And while a mathematical formula is used to generate the keys in the third step, that process can be compromised to reveal the keys.
For users, the best they can do for the moment is to wait for router manufacturers and ISPs to come up with an effective patch in the form of firmware updates to remedy the situation. Until then, users would do well to refrain from doing any business with sites whose addresses begin with http://. Sites beginning with https:// would be relatively safer.
Users of smart devices should also check for the latest firmware updates that have been made available.
The full findings on the vulnerabilities discovered will be made public by the KU Leuven team on November 1 at the ACM Conference on Computer and Communications Security in Dallas.