Every WiFi router can now be hacked with “Krack” attack … No passwords are safe
03/07/2019 // Tracey Watson // Views

Most people have one blinking away on a shelf somewhere in their home. A WiFi router is as much a standard fixture in a modern home as a refrigerator or a microwave oven. And most of us believe that these devices are secure and safe from attack because of network security technology called Wireless Protected Access 2 (WPA-2). This technology has been used on all certified WiFi hardware since 2006, and uses the latest encryption standards to make hacking virtually impossible.

Or at least that is what was believed until recently, when researchers from the University of Leuven in Belgium discovered that all such “protected” WiFi routers are in fact vulnerable to hacking via Key Reinstallation Attacks (KRACKs).

The Telegraph explains that before this discovery, no hacker had ever managed to override the protection offered by WPA-2. However, the findings indicate that anyone within range of a Wi-Fi network can “inject computer viruses into internet networks, and read communications like passwords, credit card numbers and photos sent over the internet.”

The research team warns that all modern WiFi networks are vulnerable to KRACK attacks, and that “if your device supports WiFi, it is most likely affected.” This is because the weakness is within the WPA-2 technology itself, rather than any particular device or product. Multiple different operating systems are therefore vulnerable, including Apple, Android, Windows, Linux, OpenBSD, Linksys, MediaTek and others.

Connecting a device to a secure network involves a complicated four-way “handshake” that encrypts traffic, preventing others from intercepting information sent between the two devices. It is this “handshake” that makes WPA-2 vulnerable to attack.

Brighteon.TV

Krack Attacks explains:

When a client joins a network, it executes the 4-way handshake to negotiate a fresh encryption key. It will install this key after receiving message 3 of the 4-way handshake. Once the key is installed, it will be used to encrypt normal data frames using an encryption protocol. However, because messages may be lost or dropped, the Access Point (AP) will retransmit message 3 if it did not receive an appropriate response as acknowledgment. As a result, the client may receive message 3 multiple times. Each time it receives this message, it will reinstall the same encryption key, and thereby reset the incremental transmit packet number (nonce) and receive replay counter used by the encryption protocol. We show that an attacker can force these nonce resets by collecting and replaying retransmissions of message 3 of the 4-way handshake. By forcing nonce reuse in this manner, the encryption protocol can be attacked, e.g., packets can be replayed, decrypted, and/or forged.

Since this is a “fundamental flaw” in the system itself, no amount of password changing can protect you. Fortunately, this type of hacking can only be done by somebody within close range of the router itself, which means that routers in private homes are less vulnerable. Using public networks at coffee shops and restaurants makes you far more vulnerable to attack. If you must use a public network check for the little gold padlock that shows the network is secure.

Certain websites, like banking and online shopping sites, use more secure technology, and can be identified by the little padlock that appears within the address bar.

Tech companies like Google and Apple have either already released updates to address the issue, or have promised to do so. Although such updates will make your network far more secure, techies are also encouraging internet users to “patch” – or update – their routers. (Related: Is your power strip spying on you? Complex hacking device looks like an extension cord.)

The researchers predict that tools will soon become available which will enable hackers to carry out such attacks, so it is best to get your router and software updated as soon as possible.

Discover other ways in which commonly used technology may be vulnerable to attack at CyberWar.news.

Sources for this article include:

Telegraph.co.uk

KrackAttacks.com

Telegraph.co.uk

LifeWire.com



Take Action:
Support Natural News by linking to this article from your website.
Permalink to this article:
Copy
Embed article link:
Copy
Reprinting this article:
Non-commercial use is permitted with credit to NaturalNews.com (including a clickable link).
Please contact us for more information.
Free Email Alerts
Get independent news alerts on natural cures, food lab tests, cannabis medicine, science, robotics, drones, privacy and more.
App Store
Android App
eTrust Pro Certified

This site is part of the Natural News Network © 2022 All Rights Reserved. Privacy | Terms All content posted on this site is commentary or opinion and is protected under Free Speech. Truth Publishing International, LTD. is not responsible for content written by contributing authors. The information on this site is provided for educational and entertainment purposes only. It is not intended as a substitute for professional advice of any kind. Truth Publishing assumes no responsibility for the use or misuse of this material. Your use of this website indicates your agreement to these terms and those published here. All trademarks, registered trademarks and servicemarks mentioned on this site are the property of their respective owners.

This site uses cookies
Natural News uses cookies to improve your experience on our site. By using this site, you agree to our privacy policy.
Learn More
Close
Get 100% real, uncensored news delivered straight to your inbox
You can unsubscribe at any time. Your email privacy is completely protected.