The vast majority of internet users don’t really worry about Wi-Fi security even though they should, it’s critical in this day and age. Security researchers have discovered a new exploit called KRACK that can take advantage of weaknesses in Wi-Fi security to enable attackers to listen in on the traffic between devices and wireless access points.

“If your device supports Wi-Fi, it is most likely affected,” the researchers said. The KRACK exploit leverages multiple key management vulnerabilities in the WPA2 security protocol, the most popular authentication scheme that’s used to protect both private and enterprise Wi-Fi networks.

They pointed out that 41 percent of all Android devices out there are vulnerable to an “exceptionally devastating” iteration of the Wi-Fi exploit. All other Wi-Fi devices are vulnerable to some extent. Attackers can use the exploit to run malicious code on the devices and for data theft when they’re within range.

However, it’s known at this point in time that the vulnerabilities that have been reported are actually being used by attackers. The researchers say that all Wi-Fi clients and access points should be patched if fixes are available and that users should continue to use WPA2 until then.

Additional details of the exploit have been provided at krackattacks.com, the team of researchers is going to formally present the vulnerabilities on November 1st at a security conference in Texas.

Filed in General. Read more about Hacking and _cold.

User Comments