The tech world was struck by the invention of Mathy Vanhoef. The Belgian security researcher from Katholieke Universiteit Leuven last weekend publicized the findings of a security hole that could break into a Wi-Fi wireless internet network, although it protected the W-Fi Protected Access II (WPA2) security protocol.
Named the key re-installation attack aka "Krack", this security gap can be used to tap various kinds of information sent by the client device to the internet via Wi-Fi network.
"This can be used to steal sensitive data such as credit card numbers, passwords, chat messages, emails, photos, and more," said researcher Mathy Vanhoef in the site devoted to the source of information about Kracks.
The Krack impact scale is enormous, as it includes all electronic devices that have Wi-Fi capability with WPA2. The number of millions, if not billions, ranging from handheld devices, computers, to a smart refrigerator.
"This weakness exists in the WI-Fi standard itself, not in specific products or implementations individually, so any WPA2 implementation must be affected," Vanhoef continued.
"If your device has Wi-Fi, then most likely have a security hole."
Handshake
How does Krack work? When a client device wants to connect to a protected Wi-Fi network, a 4-way handshake process will take place to ensure that both parties have the same password.
At the same time, 4-way handshakes are also used to generate encryption keys that will be used in data traffic encryption between client devices and access points. It is this key that is targeted through the crack of security Krack.
"To ensure security, security keys can only be installed and used once, unfortunately it is not guaranteed by the WPA2 protocol, and by manipulating cryptographic handshakes we can exploit those weaknesses," Vanhoef said.
No comments:
Post a Comment