Skip to main content

New WiFi Issue Could Affect Millions Of Users And Devices

By October 17, 2017June 21st, 2022Cybersecurity

Security researchers have found a new critical security flaw dubbed “Krack” (Key Reinstallation Attacks) that affects literally every WiFi router and smart phone in use today. The reason? The security flaw resides in the WiFi standard itself, rather than in a third-party product.

In addition to being vast in scope and scale, Krack is a particularly nasty, versatile flaw, allowing hackers to intercept credit card numbers, passwords, photos and a whole host of sensitive personal information.

It works like this: A hacker finds a vulnerable WPA2 network, and then makes an exact copy of it, including impersonating the MAC address. This clone then serves as a “man in the middle” allowing the hacker who controls it to intercept everything passing through it.

WPA2 encryption requires a unique key to encrypt each block of plain text, but because Krack attacks make a copy that’s indistinguishable from the original, they’re able to use the same encryption key.

As bad as that is, it gets worse for Android and Linux users. Thanks to a bug in the WPA2 standard, these devices don’t force the client to demand a unique encryption key with each use. Instead, they allow the key to be “zeroed out,” literally creating an encryption key containing all zeroes, which interferes with a key part of the handshake process.

In addition to that, hackers can deploy specialized scripts that can cause the connection to bypass HTTPS, which leaves passwords and other normally protected data exposed.

If there’s a silver lining, it is that the attack can’t be used to target routers directly, but honestly, that’s not much of a silver lining, because the potential damage this new vector could cause is virtually without limit.

Unfortunately, until a patch is released, there’s not much you can do, short of turning off WiFi altogether. This may work for smartphone users, but it is simply impractical for routers.

There’s some good news, though. The fix should be relatively easy to implement, although no ETA has been given at this point.

Jason Manteiga

Jason J. Manteiga, Vice President of Olmec Systems, has been part of the company for over the past 20 years. He believes that having a great work environment and supportive team, is the ultimate key to success. Since being in the IT realm for over 25 years, Jason, along with Olmec Systems, has been on the Inc. 5000 “List of America’s Fastest Growing Private Companies” and Channel Futures MSP 501 “Top Managed Service Providers in North America,” along with other awards and nominations. Jason earned his Bachelor Degree in Information Systems from the New Jersey Institute of Technology. He also holds certifications in Microsoft MCSE, VMWare VCP, and Cisco CCNA. In his spare time, Jason is a contributor for The Center for Social & Legal Research (Privacy Exchange) and a member of the Morris County Chamber of Commerce. His hobbies include cycling and kayaking. He currently lives in New Jersey with his wife, two daughters and son.