Security flaw leaves all Wi-Fi traffic open to eavesdropping

17th October 2017
Source: KU Leuven
Posted By : Enaie Azambuja
Security flaw leaves all Wi-Fi traffic open to eavesdropping

KU Leuven researchers have discovered serious weaknesses in a protocol that secures all protected Wi-Fi networks. Attackers can exploit these flaws to steal credit card numbers, passwords, and other sensitive information. Researcher Mathy Vanhoef (Department of Computer Science / imec-DistriNet) detected the weakness by performing a novel type of attack against the so-called 4-way handshake of the WPA2 protocol, which secures all protected Wi-Fi networks.

Whenever someone joins a Wi-Fi network, it executes this 4-way handshake to produce a fresh encryption key for all subsequent traffic. To guarantee security, a key should be installed and used only once.

But in a key reinstallation attack (KRACK), attackers trick a victim into reinstalling an already-in-use key. As a result, they can steal sensitive information or, depending on the network configuration, inject malware into a website.

All modern protected Wi-Fi networks currently use the 4-way handshake. This means that all these networks are vulnerable, and that any device that uses Wi-Fi is most likely vulnerable.

Does that mean we should all change our Wi-Fi passwords? Vanhoef: “Changing the password of your Wi-Fi network does not prevent attacks. Instead, users have to update all their devices as soon as security updates becomes available.”

You must be logged in to comment

Write a comment

No comments

Sign up to view our publications

Sign up

Sign up to view our downloads

Sign up

European Microwave Week 2019
29th September 2019
France Porte De Versailles Paris
Connected World Summit 2019
22nd October 2019
United Kingdom The Business Design Centre, London
IoT Solutions World Congress 2019
29th October 2019
Spain Barcelona