A recently discovered vulnerability could allow attackers to intercept sensitive data being transmitted between a Wi-Fi access point and a computer or mobile device, even if that data is encrypted. The flaw, known as KRACK, affects WPA2, a security protocol widely used in most modern Wi-Fi devices.
Use a paperclip or a similar thin, firm object to press down and hold the reset button for 10 seconds while device is connected to power. If unsure of when to release the reset button, information on what to watch for is provided in each device's Quick Start Guide. Release the button. Jan 02, 2014 They have forum in chinese and malay too. I have no IT background. But i tried it on my unifi and its really do crack password in 3hrs for 8 digits WPA2. WEP just in couple minutes. Now for my own safety, i keep changing password once a week and use long characters as i can. Wifi also can detect from 2-10km away!!
In some cases, a hacker could exploit KRACK to inject malware such as ransomware into websites, according to KU Leuven’s Mathy Vanhoef, the researcher who discovered the vulnerability. Vanhoef’s findings were reported by tech site Ars Technica early Monday morning.
Here’s an overview of what to know about the vulnerability, and how you can protect your devices.
What is KRACK?
KRACK is an acronym for Key Reinstallation Attack. It involves an attacker reusing a one-time key that’s provided when a client device attempts to join a Wi-Fi network. Doing so could enable the hacker to decrypt information being exchanged between the access point and the client device, which could leave personal details like credit card numbers, messages and passwords exposed, as Vanhoef notes.
Read more:You Can Now Hack the SNES Classic to Add More Games
Here’s how and why the process and hack can happen, as described on Vanhoef’s website: When a device joins a protected Wi-Fi network, a process known as a four-way handshake takes place. This handshake ensures that the client and access point both have the correct login credentials for the network, and generates a new encryption key for protecting web traffic. That encryption key is installed during step three of the four-way handshake, but the access point will sometimes resend the same key if it believes that message may have been lost or dropped. Vanhoef’s research finds that attackers can essentially force the access point to install the same encryption key, which the intruder can then use to attack the encryption protocol and decrypt data.
Who’s affected?
Vanhoef warns that any device that supports Wi-Fi is likely affected by KRACK, but that Linux-based devices as well as Android devices running version 6.0 or higher of the Android operating system are especially at risk. At the moment that includes more than 40% of Android devices.
![Crack Crack](/uploads/1/2/4/6/124607317/796094702.jpg)
Vanoef demonstrated a proof of concept illustrating how exploitations using the KRACK technique are possible. But on his website, he cautions that he’s “not in a position” to determine whether such attacks are actively being used.
What should I do about it?
To protect yourself from falling victim to a KRACK attack, you should update Wi-Fi devices like smartphones, tablets and laptops as soon as updates become available, Vanhoef says. If possible, users are also advised to update their router’s firmware. Microsoft has already released a security update to address the issue, reports The Verge. The Wi-Fi Alliance, a network of companies that make Wi-Fi devices and define Wi-Fi standards and programs, has said that platform providers have already started deploying patches to address the issue.
The Leadership Brief. Conversations with the most influential leaders in business and tech.
Thank you!
For your security, we've sent a confirmation email to the address you entered. Click the link to confirm your subscription and begin receiving our newsletters. If you don't get the confirmation within 10 minutes, please check your spam folder.Read Next
Samsung's Galaxy S20 Ultra Can't Deliver On the Hype