WiFi Protected Access 2 (WAP2), the current industry standard that encrypts traffic on Wi-Fi networks, is vulnerable to hackers using a technique called KRACK (Key Reinstallation Attacks) due to a flaw in the cryptographic protocols, according to a new research from security expert Mathy Vanhoef of KU Leuven in Belgium.
Hackers are able to steal sensitive data during the four-way handshake process. The encryption protocol can be attacked, and packets can be replayed, decrypted and forged.
There is little we can do to fix the problem. Fortunately, the researcher has already informed leading software suppliers. Microsoft has released programs to fix the loophole for Windows 7, Windows 8.1, Windows 10,Windows Server 2008,Windows Server 2012 and Windows Server 2016. Apple and Google said they were aware of the vulnerability, and would fix the problem as soon as possible.
Android phone users will be able to upgrade their software when the service provider releases a new program. Router manufacturers will also release upgrade programs soon.
How can users protect themselves from attack?
First of all, the threat isn’t that imminent because an attacker needs to be physically near a particular Wi-Fi network to carry out the assaults.
For the time being, phone users should cut off Wi-Fi connection and switch back to a 4G network when they handle sensitive information.
Also, if they access e-banking or other encrypted websites with Hyper Text Transfer Protocol Secure (HTTPS) or use some instant messaging software with encryption, they won’t be easily attacked.
This article appeared in the Hong Kong Economic Journal on Oct. 20
Translation by Julie Zhu with additional reporting
[Chinese version 中文版]
– Contact us at [email protected]