KRACK in the code: Software flaw affects security of nearly every Wi-Fi enabled device

October 17, 2017


Hacks and cybersecurity attacks are in the news so frequently—and the threats can be so abstract—that some people find it easier to tune out.

But the software vulnerability revealed Monday is worth paying attention to—the bug compromises the security of nearly every Wi-Fi-enabled device in active use.

Yikes.

The bug affects the ubiquitous WPA2 protocol, which protects users by encrypting information that passes over wireless Internet networks, including passwords and financial or personal information.

WPA2 used to be the industry standard for security. But a researcher from the University of Leuven in Belgium identified a flaw dubbed the Key Reinstallation Attack, or KRACK, that allows a hacker to first clone a wireless network, then trick a user into entering their encryption key, and finally decrypt the information previously sent over the secure network, or even forge new data to be sent.

“This sort of complicated crypto is a fertile area for bugs,” Johns Hopkins University cryptographer Matthew Green told WIRED in a report published today. “The problem is not so much that there are a ton of bugs in WPA2. It’s that it will be very hard to patch most low-cost consumer devices. So all it takes is one bad one to screw a lot of people up for years.”

Excerpted from The Hub.
