Computerworld: How to crack KRACK

Computerworld: How to crack KRACK

How to crack KRACK: Action plan from Malaysian security experts

KRACK – When alerting Computerworld Malaysia about the exploit, former white hat hacker turned financial security consultant LGMS director,  Fong Choong Fook (pic below), summed it up as: “If you are using Wi-Fi in office or home, you are vulnerable.”

Krack – which stands for Key Reinstallation Attacks – is the name of a major vulnerability in Wi-Fi routers’ WPA2 security protocol uncovered recently by researcher Mathy Vanhoef.

WPA2, which replaced the WEP protocol in about 2003, was created by the Wi-Fi Alliance to cover up eavesdropping on what websites your computer is trying to access. The flaw in WPA2 will allow “man-in-the-middle” eavesdropping attacks, as well as possible ransomware and other malicious code injections, Vanhoef has said in various media reports. Krack may allow attackers to steal credit card numbers, passwords, chat messages, emails, photos, and so forth.

“Researchers will be presented more detail in the coming Black Hat Europe hacking conference,” said Fong. “The attack, in particular is targeting the weakness in the WPA2 protocol. WPA2 is widely use in the Wi-Fi access points today. Most, if not all Wi-Fi networks today are using WPA2 one way or another. Wi-Fi users are advised to update their wireless access points and their computer immediately.”

“Microsoft Windows have released the patches; however popular network device manufacturers such as D-link and TP-link have yet [at the time of this interview] to release any firmware update at this moment of writing,” he said. “The fixes need to apply in both ways, the Wi-Fi client (e.g. Microsoft Windows) and the Wireless Access Point (e.g. D-link Wi-Fi router).”

Article from ComputerworldMalaysia.

 

You may also find other interesting LGMS News at the following links:

AI FM: iPhone X 和脸部识别系统
Sputnik Radio: Many Ways to Bypass Facial Recognition Technology’ in iPhoneX
AI FM: 网络安全与隐私
98.8 FM: Sarahah被爆泄露隐私