The bug already has its own nickname: KRACK
Bill Hinton#74239Wi-Fi: it’s a technology that most of use every day and it’s now at serious risk of being hijacked.
Security researchers have discovered a flaw in the security protocol used by almost every modern Wi-Fi device, including computers, phones and routers, which puts them all at risk of attack, reported ZDNet on Monday.
A weakness in the WPA2 protocol, which is used to secure most wireless networks and devices, was discovered by computer security academic Mathy Vanhoef, and is being nicknamed “KRACK”, short for Key Reinstallation Attack.
The bug ultimately could allow hackers to eavesdrop on network traffic — bad news for anyone sending sensitive or private information over a Wi-Fi connection. These days, that’s pretty much all of us, although this could hit businesses using wireless point-of-sale machines particularly hard.
Hackers would have to be within physical range of a vulnerable device to take advantage of the flaw, but could use it to decrypt network traffic, hijack connections and inject content into the traffic stream.
To do so would involve effectively impersonating a user who had already been granted access to the network so as to exploit a weakness in the secure four-way handshake that acts as its gatekeeper.
For more on KRACK, what it means for businesses and what to do about it, head over to our sister site ZDNet.
