Wi-Fi, the wireless local area networking technology practically all of us use daily, is now in trouble. A security protocol located in most modern Wi-Fi device including phones, laptops, and routers has been broken.
The WPA 2, a common security protocol used in most modern wireless networks has been cracked by the bug, known as “KRACK” for Key Reinstallation Attack.
A computer security academic, Mathy Vanhoef identified the flaw and said that the protocol’s four-way handshake contains the fault which securely allows new devices with a pre-shared password to join the network.
The several key management vulnerabilities in WPA2 can allow an attacker to decrypt network packet replay, hijack TCP connection, and inject HTTP content into the traffic stream. In simple words, hackers can hackers can intrude in your network traffic.
The bug completely breakdowns the WPA2 protocol for both personal and enterprise devices creating risk for every supported device.
US Homeland Security’s cyber-emergency unit US-CERT confirmed the news of the susceptibility which around two months ago had confidentially warned vendors and experts of the bug.
The flaw is found in cryptographic nonce a randomly generated number used only to prevent replay attacks. In this case, an intruder can force a victim to reinstall a key that’s already in use. Reusing the nonce can offer an opponent to attack the encryption by decrypting, replaying, or forging packets.
So users should not use Wi-Fi until this issue is fixed, partially, users should use HTTPS connections and a good VPN for security purposes. Some routers will receive firmware updates but many home users might not know the application process.