Are Your WIFI Devices at Risk?
The wi-fi connections of businesses and homes around the world are at risk, according to researchers who have revealed a major flaw dubbed Krack.
A recent BBC Technology News article has highlighted concerns with an authentication system which is widely used to secure wireless connections. With experts saying it could leave "the majority" of connections at risk until they are patched!
Have a look at the video which simplifies the process in how WIFI is connected and how it can be hacked by cyber attacks:
Computer security expert from the University of Surrey Prof Alan Woodward said:
"This is a flaw in the standard, so potentially there is a high risk to every single wi-fi connection out there, corporate and domestic.
"The risk will depend on a number of factors including the time it takes to launch an attack and whether you need to be connected to the network to launch one, but the paper suggests that an attack is relatively easy to launch.
"It will leave the majority of wi-fi connections at risk until vendors of routers can issue patches."
Alan Woodward continued to explain that when any device uses wi-fi to connect to, say, a router it does what is known as a "handshake": it goes through a four-step dialogue, whereby the two devices agree a key to use to secure the data being passed (a "session key").
The attack begins by tricking a victim into reinstalling the live key by replaying a modified version of the original handshake. In doing this a number of important set-up values can be reset which can, for example, render certain elements of the encryption much weaker.
The vulnerability was discovered by researchers led by Mathy Vanhoef, from Belgian university, KU Leuven. According to his paper, the issue centres around a system of random number generation known as nonce (a number that can only be used once), which can in fact be reused to allow an attacker to enter a network and snoop on the data being sent in it.
Industry body the Wi-Fi Alliance said that it was working with providers to issue software updates to patch the flaw.
"This issue can be resolved through straightforward software updates and the wi-fi industry, including major platform providers, has already started deploying patches to wi-fi users.
"Users can expect all their wi-fi devices, whether patched or unpatched, to continue working well together."
It added that there was "no evidence" that the vulnerability had been exploited maliciously.
Read the full article on BBC here: http://twplc.uk/BBC-WIFIrisk