Mathy Vanhoef, a security expert from Belgian university have triggered heat discussion recently. For his findings of a key reinstallation attack vulnerability in the WPA2 Wi-Fi protocol has been made public yesterday.
He discovered serious weaknesses in WPA2, a protocol that secures all modern protected Wi-Fi networks, which means the attack works against all Wi-Fi networks. And no tested device or piece of software was fully immune to the weakness. “The weaknesses are in the Wi-Fi standard itself, and not in individual products or implementations. Therefore, any correct implementation of WPA2 is likely affected,” he writes.
It’s quite a complex attack to carry out in practice, but researchers have seen similar before, so we should know it’s possible to automate.
The United States Computer Emergency Readiness Team issued the following warning in response to the exploit: US-CERT has become aware of several key management vulnerabilities in the 4-way handshake of the Wi-Fi Protected Access II (WPA2) security protocol. The impact of exploiting these vulnerabilities includes decryption, packet replay, TCP connection hijacking, HTTP content injection, and others. Note that as protocol-level issues, most or all correct implementations of the standard will be affected. The CERT/CC and the reporting researcher KU Leuven will be publicly disclosing these vulnerabilities on 16 October 2017.
Online safety is crucial. However, we should be concerned, not too worried. Symantec researcher Candid Wuest said, “There is likely to be a delay before the vulnerability is used to actually attack networks.”
Then you are definitely eager to know how to deal with KRACK. Here are two simple but useful ways for you.
Update your device. To prevent the attack, users must update affected products as soon as security updates become available. Simply apply the updates of your software when it becomes available for companies are working on it too.
Use a VPN, just as Mathy Vanhoef recommended. If you have a paid VPN service that you trust, enable the connection full-time. This is a basic and simplest secured way for online safety actually. The most important lesson from the weakness was that relying on any one security feature is risky. “You shouldn’t be trusting one single point of failure for all your security. Don’t rely on just your wifi, use a VPN for anything important.” X-VPN is a perfect choice for this.
You can get more detailed information about the exploit at krackattacks.com.