Newly Discovered WPA2 WiFi Security Flaw

You know how they say never to use unsecured WiFi when transmitting sensitive information (i.e. credit cards, email, etc.)? Well, now it seems that you have to worry about secure, encrypted WiFi, too.

Ars Technica reported findings about a newly discovered security flaw known as KRACK, which is something that affects WPA2 (a security protocol used in most WiFi devices). KRACK is an acronym for Key Reinstallation Attack and involves reusing a one-time key during an attempt to join a secured WiFi network. When this is done, it gives the hacker the opportunity to decrypt all information that’s being exchanged from the device (smartphone, laptop, etc.) to the access point. Not only is your private information up for grabs, but your credit card numbers, passwords, messages, emails and more are about ready to be stolen.

These findings were discovered by KU Leuven's Mathy Vanhoef. Depending on the network configuration, it’s possible that attackers can exploit KRACK to inject ransomware and other malicious codes into websites.

As quoted from Ars Technica, it states, “KRACK works by targeting the four-way handshake that's executed when a client joins a WPA2-protected WiFi network. Among other things, the handshake helps to confirm that both the client and access points have the correct credentials. KRACK tricks the vulnerable client into reinstalling an already-in-use key. The reinstallation forces the client to reset packet numbers containing a cryptographic nonce and other parameters to their initial values. KRACK forces the nonce reuse in a way that allows the encryption to be bypassed.”

As of now, Linux and Android appear to be the most susceptible since hackers can force network decryption without much effort. Windows and iOS are said to be relatively safe, for now. This means that government WiFi and large corporate networks have the highest risk of being attacked.

If you have a vulnerable access point, it’s highly recommended to hold off on WiFi until a patch is issued and to use a wired connection instead. Update patches immediately when they are released and if WiFi is the only option, make sure to use reliable protocols like HTTPS, Secure Shell, and STARTTLS to encrypt Web/email traffic between access point and client device.


Try Us

Free Trial    Watch Demo


For a hassle free 30 day trial, click the "Free Trial" button, download and deploy a copy of the appliance. No Credit Card required.