Security Flaw Leaves Wi-Fi Devices Vulnerable to Hackers

Security Flaw Leaves Wi-Fi Devices Vulnerable to Hackers

The hole in Wi-Fi security affects the vast majority of Wi-Fi devices and networks.

  • By Sydny Shepard
  • Oct 16, 2017

At about 7 a.m. eastern this morning, security researchers revealed details of a new exploit called KRACK that takes advantage of vulnerabilities in Wi-Fi security to let attackers eavesdrop on traffic between computers and wireless access points.

The security hole takes advantage of several key management vulnerabilities in the WPA2 security protocol, the popular authentication scheme used to protect person and enterprise Wi-Fi networks. The attack does not actually recover the victim's Wi-Fi password, it works by reinstalling the encryption key that's already in use which, due to a flaw in WPA2, can be used to remotely decrypt traffic.

Since this is a hole in the WPA2 protocol, it affects all devices in the same way.

"If your devices supports Wi-Fi, its most likely affected," researchers said.

So, this isn't good.

The United States Computer Emergency Rediness Team issued the following warning in response to the exploit:

US-CERT has become aware of several key management vulnerabilities in the 4-way handshake of the Wi-Fi Protected Access II (WPA2) security protocol. The impact of exploiting these vulnerabilities includes decryption, packet replay, TCP connection hijacking, HTTP content injection, and others. Note that as protocol-level issues, most or all correct implementations of the standard will be affected. The CERT/CC and the reporting researcher KU Leuven, will be publicly disclosing these vulnerabilities on 16 October 2017.

The exploit was found by security researchers Mathy Vanhoef, from the imec-DistriNet research group at the KU Leuven university, who said depending on the type of encryption protocols one uses, the attacks can range from bad to worse. In some cases, an attacker will only be able to decrypt your traffic while in others they be able to take over your connection completely.

For example, 41 percent of Android devices and Linux variants are vulnerable to a particularly nasty variant of the attack, which according to Vanhoef, "makes it trivial to intercept and manuplulate traffic sent by these Linux and Android devices."

Other devices, such as iOS, Windows 7, Windows 10 and OpenBSD are vulnerable to only the most basic of attacks.

As of this morning, the Wi-Fi alliance has issued a statement on the vulnerability:

This issue can be resolved through straightforward software updates, and the Wi-Fi industry, including major platform providers, has already started deploying patches to Wi-Fi users. There is no evidence that the vulnerability has been exploited maliciously.

About the Author

Sydny Shepard is the Executive Editor of Campus Security & Life Safety.

Featured

  • Keynote Speakers Announced for ISC West 2025

    ISC West, hosted in collaboration with premier sponsor the Security Industry Association (SIA), unveiled its 2025 Keynote Series. Featuring a powerhouse lineup of experts in cybersecurity, retail security, and leadership, each keynote will offer invaluable insights into the challenges and opportunities transforming the field of security. Read Now

    • Industry Events
    • ISC West

  • Study: Video Doorbells Have a 71% Service Attach Rate

    Parks Associates recently announced a new white paper, Consumer IoT Product Development: Managing Costs, Optimizing Revenues, which provides companies with a business-planning blueprint to evaluate how a consumer IoT solution will perform across its lifetime. Subscription services, such as video storage and professional monitoring, can be critical for covering ongoing cloud and support costs Read Now

  • Michigan City Fights Retail Crime With AI-Powered Video Surveillance, 911 Camera Sharing

    To combat persistent retail crime and deliver peace of mind to workers in the bustling North Leroy Street business district, the City of Fenton Police Department has deployed a new AI-powered video surveillance system with camera-sharing technology to accelerate response time during retail heists or other emergencies. Read Now

  • TSA Intercepts 6,678 Firearms at Airport Security Checkpoints in 2024

    During 2024, the Transportation Security Administration (TSA) intercepted a total of 6,678 firearms at airport security checkpoints, preventing them from getting into the secure areas of the airport and onboard aircraft. Approximately 94% of these firearms were loaded. This total is a minor decrease from the 6,737 firearms stopped in 2023. Throughout 2024, TSA managed its “Prepare, Pack, Declare” public awareness campaign to explain the steps for safely traveling with a firearm. Read Now

Most   Popular

Featured Cybersecurity

Webinars

New Products

  • PE80 Series

    PE80 Series by SARGENT / ED4000/PED5000 Series by Corbin Russwin

    ASSA ABLOY, a global leader in access solutions, has announced the launch of two next generation exit devices from long-standing leaders in the premium exit device market: the PE80 Series by SARGENT and the PED4000/PED5000 Series by Corbin Russwin. These new exit devices boast industry-first features that are specifically designed to provide enhanced safety, security and convenience, setting new standards for exit solutions. The SARGENT PE80 and Corbin Russwin PED4000/PED5000 Series exit devices are engineered to meet the ever-evolving needs of modern buildings. Featuring the high strength, security and durability that ASSA ABLOY is known for, the new exit devices deliver several innovative, industry-first features in addition to elegant design finishes for every opening. 3

  • Luma x20

    Luma x20

    Snap One has announced its popular Luma x20 family of surveillance products now offers even greater security and privacy for home and business owners across the globe by giving them full control over integrators’ system access to view live and recorded video. According to Snap One Product Manager Derek Webb, the new “customer handoff” feature provides enhanced user control after initial installation, allowing the owners to have total privacy while also making it easy to reinstate integrator access when maintenance or assistance is required. This new feature is now available to all Luma x20 users globally. “The Luma x20 family of surveillance solutions provides excellent image and audio capture, and with the new customer handoff feature, it now offers absolute privacy for camera feeds and recordings,” Webb said. “With notifications and integrator access controlled through the powerful OvrC remote system management platform, it’s easy for integrators to give their clients full control of their footage and then to get temporary access from the client for any troubleshooting needs.” 3

  • Mobile Safe Shield

    Mobile Safe Shield

    SafeWood Designs, Inc., a manufacturer of patented bullet resistant products, is excited to announce the launch of the Mobile Safe Shield. The Mobile Safe Shield is a moveable bullet resistant shield that provides protection in the event of an assailant and supplies cover in the event of an active shooter. With a heavy-duty steel frame, quality castor wheels, and bullet resistant core, the Mobile Safe Shield is a perfect addition to any guard station, security desks, courthouses, police stations, schools, office spaces and more. The Mobile Safe Shield is incredibly customizable. Bullet resistant materials are available in UL 752 Levels 1 through 8 and include glass, white board, tack board, veneer, and plastic laminate. Flexibility in bullet resistant materials allows for the Mobile Safe Shield to blend more with current interior décor for a seamless design aesthetic. Optional custom paint colors are also available for the steel frame. 3