Latest Update on KRACK (Key Reinstallation Attack): the flaw in WPA2 protocal for WIFI systems

Belgian researchers, Mathy Vanhoef and Frank Piessens — who recently issued warnings concerning a bug in the WPA2 protocol, a widely used system for securing Wi-Fi communications — have made tools available to “detect whether an implementaiton of the 4-way handshake… is vulnerable to key reinstallation attacks.” Standard protocols, such as “changing the password” will not mitigate this vulnerability.

 

Engineered Design Insider Cracker hacker using WPa2 Vulnerability hotspotsOil Gas Automotive Aerospace Industry Magazine

 

The researcheres emphasized: “luckily implementations can be patched in a backwards-compatible manner. This means a patched client can still communicate with an unpatched access point (AP), and vice versa. In other words, a patched client or access point sends exactly the same handshake messages as before, and at exactly the same moment in time. However, the security updates will assure a key is only installed once, preventing our attack. So again, update all your devices once security updates are available. Finally, although an unpatched client can still connect to a patched AP, and vice versa, both the client and AP must be patched to defend against all attacks!”

 

Engineered Design Insider hacker at workOil Gas Automotive Aerospace Industry Magazine

 

After the discovery of KRACK, the name given to the flaw in the system, the U.S. Department of Homeland Security Computer Emergency Response Team announced that the WPA2 protocol could be used to obtain personal information and read private communications over secure Wi-Fi. [See video below.]

Pre-shared password exploit

The problem with the system arose due to the protocol’s ability to connect devices with a pre-shared password. Vanhoef and Piessens explained that KRACK (Key Reinstallation Attack) “abuses design or implementation flaws in cryptographic protocols to reinstall an already-in-use key.” These “Wi-Fi handshakes” are used to generate session keys, which had previously remained secure. However, attackers are now able to grant access by connecting new devices to the in-use key, which is accomplished by manipulating the system and replaying handshake messages.


Cryptography teacher Matthew Green of Johns Hopkins University stated that the flaw would likely result into “a slew of TJ Maxxes.” This was, of course, referring to a 2007 cyberattack that granted hackers access to network-connected cash registers.

Vanhoef and Piessens warned that the majority of Wi-Fi users are now vulnerable to hacking attempts due to the bug. “If your device supports Wi-Fi, it is most likely affected.” Furthermore, they stated that the attack has been shown to “occur spontaneously if certain handshake messages are lost due to background noise.” Additional information pertaining to the flaw can be found on their website www.krackattacks.com.

 

Engineered Design Insider Kracker hacker using KRACK vulnerability hotpspotsOil Gas Automotive Aerospace Industry Magazine

 

On a positive note, companies like Symantec and Microsoft have offered users protection against these attacks. Norton is offering services to encrypt traffic and protect connected devices from hacking and identity theft. Microsoft Corporation has also released a security update for Windows, stating that users who update their systems either manually or through automatic updates will remain protected. Additionally, sites and services providing content over strict HTTPS will encrypt traffic from the browser to the server, allowing continued access without the risk of attack.

Did you miss this?

Other Popular Stories

  • Manufacturing industry showed strength in May: RBC
  • Siemens Canada, Manitoba Hydro sign $800 million contract
  • World's largest twin engine Airbus A350-1000 passes extreme weather tests for hot weather above 40 degrees celsius
  • Manufacturing sales rebound in August; industry must "reinvent" itself to prosper
  • Researchers Discover Surprising Role for Water in Energy Storage
  • Japanese claim breakthrough in hydrogen storage technology
  • Demand for industrial real estate soaring in Canada: report
  • 100,000 watt laser firing 10,000 pulses per second would "deorbit" tons of dangerous space debris
  • Bombardier's Learjet 85 completes first flight
  • As the Tesla Model 3 enters production, oil companies revise estimates of EVs on the road upwards to 530 million by 2040
  • Engineering positions: what's in demand, what does it pay, what do you need to qualify? Top seven engineering positions
  • Microgrids coming to two Ontario power utilities
  • NASA and Nissan to build autonomous vehicles together
  • UC engineers create first semiconductor-free microelectronics device
  • Toyota celebrating 50 years in Canada with Special Edition Corolla S
  • If Keystone XL dies, will Energy East replace it?
  • Renault's autonomous float hover car by Yunchen Chai may be the automobile of the future — winner of a design competition from Renault
  • BC, Ontario economies to lead country into 2017
  • Ontario missing out on $billions from federal government: study
  • New oil extraction methods such as swept acoustic wave promise to increase yield
Scroll to Top