Skip to main content

"KRACK" BUG SPITS TERROR ON WIFI

 use Wi-Fi every day -- you may even be on it right this very moment -- and that means the device you're using is at serious risk of being hijacked.

Researchers have discovered a flaw in the security protocol that's a fixture in almost every modern Wi-Fi device, including computers, phones and routers, reported ZDNet on Monday.

A weakness in the WPA2 protocol, meant to protect both wireless networks and devices, was discovered by computer security academic Mathy Vanhoef, and is being nicknamed "KRACK," short for Key Reinstallation Attack.

The bug ultimately could allow hackers to eavesdrop on network traffic -- bad news for anyone sending sensitive or private information over a Wi-Fi connection. These days, that's pretty much all of us, although this could hit businesses using wireless point-of-sale machines particularly hard.

It's yet another weak spot in the wireless connections now woven into the fabric of daily life. Just last month, for instance, a security company flagged a flaw that could let malware hit more than 5 billion devices via their Bluetooth connections.

And it comes on top of a seemingly endless string of bad news in general about security vulnerabilities, whether still in a potential state or actually exploited by hackers. In May and June, ransomware attacks locked up computers around the world, demanding, payment from people and companies in return for renewed access to vital information and systems. More recently came the hack at Equifax, which compromised the person details of 145 million Americans, and the latest shoe to drop in the matter of Yahoo's massive hack, which hit a breathtaking 3 billion accounts.

In the case of KRACK, hackers would have to be within physical range of a vulnerable device to take advantage of the flaw, but if they're in the right spot, they could use it to decrypt network traffic, hijack connections and inject content into the traffic stream.

To do so would involve effectively impersonating a user who had already been granted access to the network so as to exploit a weakness in the secure four-way handshake that acts as its gatekeeper.

"All Wi-Fi clients we tested were vulnerable" to an attack on that handshake, Vanhoef wrote.

For more on KRACK, what it means for businesses and what to do about it, head over to our sister site ZDNet.



Comments

Popular posts from this blog

BILL GATE SETTLES FOR THE ANDROID PHONE

Windows Phone has been  dead for a good year now , and Microsoft co-founder Bill Gates has decided it’s also time to move on. In an interview with  Fox News Sunday  ( spotted by  On MSFT ), Gates reveals he’s now using an Android phone. While Gates doesn’t reveal the exact model, he does note that it has “a lot of Microsoft software” on it, which could suggest it’s a special  Microsoft Edition Samsung Galaxy S8 handset  with bundled software. Microsoft started selling the Samsung Galaxy S8 handset in its retail stores earlier this year, and it includes apps like Office, OneDrive, Cortana, and Outlook. Any Android phone also supports these apps, but Microsoft’s customized S8 does suggest the company might continue to offer this for other Android devices in the future. While Gates is switching to Android, he’s still not interested in an iPhone. Gates famously banned iPhones and iPods at home in the past, but h...

TWITTER HAS AN UNLAUNCHED ENCRYPTED MESSAGE FEATURE

Buried inside Twitter’s   Android app is a “Secret conversation” option that if launched would allow users to send encrypted direct messages. The feature could make Twitter a better a home for sensitive communications that often end up on encrypted messaging apps like Signal, Telegram, or WhatsApp. The encyrpted DMs option was first spotted inside the Twitter for Android application package (APK) by Jane Manchun Wong. APKs often contain code for unlaunched features that companies are quietly testing or will soon make available. A Twitter spokesperson declined to comment on the record. It’s unclear how long it might be before Twitter officially launches the feature, but at least we know it’s been built. The appearance of encrypted DMs comes 18 months after whistleblower Edward Snowden asked Twitter CEO Jack Dorsey for the feature, which Dorsey said was “reasonable and something we’ll think about”. Twitter has gone from “thinking about” the feature to prototyping it...

HOME GADGETS EVERYONE MUST HAVE

A smart speaker or a smartphone. What gadgets have you got at home? We are here to inform you of some lesser known gadgets that are worth pimping out your home with. Covering everything from home security to data storage, put these on your shopping list the next you work through your home electronics budget. NAS A network attached drive or NAS is a box housing a couple of hard drives connecting to your router. Either through Wi-Fi or ethernet cable. That means that transfer speeds are faster when using a network attached drive. It also means you can get your data from anywhere in the world wide web or another computer. As a bonus they can automatically create backup copies of entire disks too. You could make your lifetime of crucial academic work or your family photo album or your iTunes music library available to every device on your home network. And even have access to these files when you’re away from home.  Nas drive comes with a software to help your setup and secure...