Microsoft | Oct 25, 2017 | Master3395
Android especially exposed.
WPA and WPA2, the encryption that will make sure that you connect securely to a WiFi network are hacked down and together.
This reports Telenor's security center, TSOC, about the error:
"A security researcher at the Belgian university KU Leuven has released details about a weakness that partially violates the security of the WPA2 protocol.
The attack takes advantage of the way WPA2 handles nouns or random cryptographic numbers. These numbers should initially only be used once, but the implementation allows these to be reused. The method has been named KRACK (Key Reinstallation Attack).
Both routers, mobile phones and PCs are vulnerable. It is imidlertidimum clients that are most vulnerable. To avoid being exploited, one can use VPN when using a WiFi network. 4G connections are also not vulnerable. "
Also Macs and iOS devices are subject to the attack method, but iOS is only exposed to one of the techniques. We await information about updates to iOS and macOS.
"The Wi-Fi Alliance" has thanked Vanhoef for the work and announces updates now, as the gap can be sealed with software updates:
"The error can be corrected with a simple software update. The WiFi industry, along with leading platform vendors, has already started rolling out bug fixes. Users can expect that WiFi devices, corrected or not, will work together in a good way. "
The organization claims there is no evidence that the hole is abused for malicious attacks.
All platforms can be attacked, in other words, all information transmitted over secured WPA2 networks can be read. WPA2 is standard encryption on routers, both at home and on public networks.
Android 6 and later, including Linux, are extra prone because the two are very easy to attack. The error, discovered by Mathy Vanhoef, describes it as "trivial" to snap up information from Android 6 or later.
Microsoft has corrected
Microsoft reports that they have already corrected the problem in supported Windows versions, but it is uncertain which update contains the fix, so we're unsure what versions are talking about. There will be more information later, promising the company.
"We have released a security update addressing this issue," explains a Microsoft spokesman for The Verge.
Google comes with update
Google reports that a malfunction will occur in the coming weeks to vulnerable devices. The Pixel devices will first receive the security update dated November 6, 2017.
Security experts claim 41 percent of Android devices are exposed. It will no doubt take time to update older devices, as Android is very fragmented.
Keywords: security, wifi
Sources: The Verge, Wi-Fi.org