Nevada Website Design has learned about this public service announcement (PSA) from the team at Wordfence about a security issue that may have a widespread impact.
According to WordFence.com, Monday, October 15th, 2017 is being referred to as “Black Monday” in information security circles. WordFence reports a major Wi-Fi vulnerability that can affect every device that supports Wi-Fi. This vulnerability gives attackers a way to decrypt WPA2 connections. A second vulnerability is covered at the end of the post.
“KRACK,” short for Key Re-installation Attacks, is the name given to the vulnerability.
Mark Maunder from WordFence explains the problem in relatively non-technical terms to enable you to clearly understand how this affects you and what you can immediately do about it.
In the post, Mark Maunder asks readers to spread the news of this, and Nevada Website Design strongly recommends you do so as well after reading the entire post. The reason is that this Wi-Fi weak point can give attackers a way to decrypt connections protected by WPA2, which has been considered a secure Wi-Fi encryption protocol.
The WPA2 Wi-Fi Vulnerability
The WPA2 protocol was designed to secure modern protected Wi-Fi networks, which make up 60% of the world’s Wi-Fi networks according to stats reported by Wigle.net.
Researchers at KU Leuven, a university in Flanders in Belgium, have discovered a way for an attacker to read sensitive information that is sent over a Wi-Fi network using WPA2.
Attackers can use this information to hijack sensitive data such as credit card numbers, passwords, chat messages, emails, photos and more. The attack works against all modern protected Wi-Fi networks.
Attackers may be able to inject malicious code into the Wi-Fi network, which could include ransomware and malware.
It is important to note that the vulnerability is in the Wi-Fi standard itself, and not in individual products or their implementations. That means that all products that correctly implement the WPA2 standard are affected.
If your device supports Wi-Fi, it is likely affected by this vulnerability.
Products that are known to be affected by this at this time include Android, Linux, Apple, Microsoft Windows, Linksys and more. The list of affected vendors is enormous, and vendors including Amazon, Cisco and Netgear are scrambling to release patches to fix this issue.
BleepingComputer has compiled a running list of vendors that will be growing over time as more information about patches becomes available.
You can find out the technical details on the KRACK attack from the researchers themselves at krackattacks.com. This includes an academic paper and demonstration video.