KRACK Attack: Critical WPA2 Vulnerability Exposed
Posted: October 20, 2017 to News.
Security researchers have discovered a vulnerability in the WPA2 protocol leaving implementations open to attack. Being called Key Reinstallation Attack, or KRACK, it works by exploiting a weakness within the protocol, putting virtually all implementations of WPA2 at risk. So far it has been discovered to affect Windows, Apple, Android, Linux, Mediatek, and Linksys, among others.
The vulnerability takes advantage of the four-way handshakes that are used by WiFi networks to create a new session key. Hackers are able to trick a victim by manipulating and replaying handshake messages in order to get them to reinstall a key that is already in use. When this happens, parameters like the incremental transmit packet number and receive private number are then reset to their initial value.
While there has so far been no indication that this vulnerability has been exploited in the wild, security researchers are alerting vendors that it exists, which will hopefully lead to security updates in order to patch it. Until then, they suggest checking whether keys that are already in use are being installed or making sure that any individual key is only installed one time during the handshake execution.
Protect Your Business Today
Petronella Technology Group has provided cybersecurity, compliance, and managed IT services from Raleigh, NC for over 23 years. Contact us today for a free consultation and technology assessment.
Need help implementing these strategies?
Our cybersecurity experts can assess your environment and build a tailored plan.
Get Free Assessment
