Mathy Vanhoef, a cybersecurity researcher at the University of Leuven in Belgium, published a paper this Monday on a new type of exploit that leaves virtually all Wi-Fi enabled devices vulnerable to hackers. Key Reinstallation Attacks, or KRACK as they have been dubbed, are the latest cyber threat to arise.
There has been a lot of alarm across the industry because the attack works so close to the network encryption process, which in turn makes KRACK more dangerous and widespread than people might think.
However, some tech giants have already moved their pieces to keep customers safe. There is much misinformation about what KRACK involves and its potentially harmful impact on tech, so here are some key takeaways from this new exploit.
Confused about the wi-fi security issue? Here's the problem explained. #KRACK #KrackAttack https://t.co/3OxUcSk4PI pic.twitter.com/5KAtSKBxJ1
— BBC Technology (@BBCTech) October 16, 2017
KRACK affects everyone, but it’s hard to implement
Essentially, KRACK attacks interfere with the handshakes that many encryption processes at the core of wireless connections rely on. Traffic protected by the WPA and WPA2 protocols, which are among the most widely used in the world, is at risk of being intercepted by hackers.
Vanhoef says that cybercriminals can use the new technique “to read information that was previously assumed to be safely encrypted.” This includes emails, attachments, photos, and anything you share or store online regardless of how sensitive the information is.
Other protocols are affected to the same or a slightly lesser extent by the same attack, which renders your Wi-Fi protection useless. All operating systems were classified as being at risk, but since then some tech giants have taken action to prevent any incidents.
Luckily for most of us, the flaw has a built-in limitation: hackers need to be physically present and close to their target in order to exploit it. They also need to stay connected to the network just long enough to get what they want, making it complicated and costly to use as a hacking method.
Apple has confirmed to me that #wpa2 #KRACK exploit has already been patched in iOS, tvOS, watchOS, macOS betas.
Deeper dive to follow.
— Rene Ritchie (@reneritchie) October 16, 2017
Android: beware. iOS: working on it. Windows: safe
No matter how hard or expensive something is to carry out, there will always be someone out there who is willing to do it if the potential profits are high enough. As such, we should expect attacks derived from KRACK in the coming weeks, as hackers exploit different connected devices.
The researcher said Android users were particularly at risk, since a flaw in Android 6.0 allows hackers to gain even easier access to mobile devices running this version of the operating system. Apple said that patches solving the problem were already up and running in beta versions across its entire OS catalog.
Microsoft, on the other hand, addressed the issue head-on and released an update that is now available for the majority of Windows 10 users. Linux loyalists face more problems, as different distributions need to deal with the exploit within their community.
Source: Mathy Vanhoef