WPA2 (Wi-Fi Protected Access 2) is a security protocol that protects all modern Wi-Fi connections. However, not everything is rosy with WPA2: researchers have recently exposed a weakness in the protocol.
Hackers within range of a vulnerable device may gain access to users' passwords and other sensitive information. They may also inject malicious content into a website while a user is visiting it.
According to the official announcement, hackers within range of a victim can exploit the flaw using the KRACK attack. They can also disclose users' email addresses, credit card numbers, chat messages and so on.
What is KRACK?
Security researcher Mathy Vanhoef of imec-DistriNet, KU Leuven, discovered the KRACK attack. KRACK, short for Key Reinstallation Attack, abuses the third step of the four-way handshake that runs when your Wi-Fi client connects to a protected Wi-Fi network.
During step three, the message that delivers the encryption key can be sent multiple times. An attacker can therefore break the Wi-Fi encryption by collecting and replaying these retransmissions in a specific manner.
The above-mentioned video describes the attack on Google's Android mobile operating system. In that case, the attacker can decrypt all the data the phone sends to the access point, because an all-zero encryption key is reinstalled on the phone in place of the real key. The KRACK attack targets Wi-Fi passwords as well as the actual Wi-Fi data.
What Should I Do to Secure Myself?
Changing your Wi-Fi password alone will not protect you. Take the following precautionary measures:
- Update all your devices and operating systems to the latest versions
- Keep using the WPA2 protocol, since it is still the most secure protocol
- Use a VPN service to add another layer of protection to your Wi-Fi connections
- Visit HTTPS websites to protect sensitive information such as passwords and credit card numbers
- And, if all else fails, avoid Wi-Fi networks and use your mobile network data instead