A widespread vulnerability has been discovered that could put any phone, computer or smart TV that supports a Wi-Fi connection at risk, according to security experts.
Mathy Vanhoef, who discovered the security weakness, stated that all modern connected Wi-Fi devices could be affected by a KRACK attack - anything from an Android phone to an Apple Mac. If it can connect to the internet through Wi-Fi, it could be vulnerable to this recently discovered man-in-the-middle hack.
What is a KRACK attack?
KRACK stands for Key Re-installation Attack. Vanhoef states, 'attackers can use this novel attack technique to read information that was previously assumed to be safely encrypted. This can be abused to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos, and so on.'
'The attack works against all modern protected Wi-Fi networks. Depending on the network configuration, it is also possible to inject and manipulate data. For example, an attacker might be able to inject ransomware or other malware into websites.' (Read Vanhoef's full statement here)
It should be noted that data which is already encrypted or secured (through IPSec or HTTPS) by other means remains secure.
How does the attack work?
The attack itself is quite complicated, but involves attackers intercepting a 'handshake' between the Wi-Fi client device and the protected network. The handshake is a four step process between the device and the network, where the connection is established and encryption enabled to preserve security.
During the third step of the handshake, an encryption key is sent between the device and the network. A KRACK attack works by forcing the encryption key to be resent multiple times. By collecting and replaying the transmissions a hacker can break the Wi-Fi security encryption, relieving you of your security online.
How can I protect my devices?
This vulnerability, although widespread is actually quite difficult for hackers to exploit. The perpetrator would need to be in range of a specific target, and the hack would also require fairly extensive preparation. This doesn't mean that it's impossible for hackers to eavesdrop on your internet use, but it does mean it's quite unlikely that it's already happening.
There's even more good news here; if you're using a correctly configured HTTPS (you can check this in your address bar, look for the little padlock) you are still protected against this kind of attack. You can use HTTPS everywhere if you're concerned about the security of certain sites.
As expected, the tech heavyweights are rushing to create patches for this bug. ZDNet are updating the list of companies that have issued statements and updates, which you can check here. The best thing you can do as an internet user is make sure you have automatic updates turned on for all of your devices where possible, or keep manually installing updates as they come in.
For Transcendit's support customers, our team have investigated whether this is an issue for their systems and have identified affected systems along with what action is required. The majority of systems we provide are not affected, or updates have not been released. We are in the process of upgrading those affected where updates are available.
If you're concerned about this attack, give our support team a ring on 0191 482 0444
