January 24, 2018

WiFi isn't safe: WPA2 Protocol broken by Belgian Researchers

16 October 2017, 08:38 | Dan Bryan

A WPA2 flaw means nearly all Wi-Fi connections could be ripe for hack attacks

Wi-fi WPA2 Security Broken

By inundating a wireless network with authentication handshakes, Vanhoef's research shows it's possible to figure out a 128-bit WPA2 key, through sheer volume of random number collection. It was regarded as safe and largely uncrackable, dynamically generating new keys to encrypt packets.

Attention has focused on WPA2 because it has, until now, been considered secure, and is by far the most widely used protocol to secure WiFi connections.

The WPA2 hack is alarming news, but Alex Hudson, chief technical officer at Iron, advises calm.

The vulnerability was uncovered by Mathy Vanhoef, a security expert at KU Leuven University in Belgium, who said attackers could exploit weakness in the standard itself - not in any products or implementations - to read encrypted data, and inject ransomware or malware into websites using a novel technique called a key reinstallation attack (Krack). The outlined attack works on all modern WiFi networks, and if your device supports WiFi then you are likely already affected.

Android, Linux, Apple, Windows, OpenBSD, MediaTek, Linksys and others are all affected by some variant of the attacks, called KRACK. However, the attack is more hard on those platforms.

He also notes that devices that are running Android or other Linux-based OSes are particularly vulnerable.

Google Just Unveiled the Home Mini to Challenge Amazon's Echo Dot
Instead, it'll only feature a few lights on top and a microphone switch on the back (as well as a micro-usb plug for powering it). The Google Home Mini was leaked a couple of times recently, so you knew it would play a part in Google's presentation today .

"The minute you do that, you negate this vulnerability", Rudis said.

In total, 10 CVE numbers have been preserved to describe the vulnerability and its impact, and according to the US Department of Homeland Security (DHS), the main affected vendors are Aruba, Cisco, Espressif Systems, Fortinet, the FreeBSD Project, HostAP, Intel, Juniper Networks, Microchip Technology, Red Hat, Samsung, various units of Toshiba and Ubiquiti Networks. In each case, the attacker can force a targeted device to re-install an already-in-use shared key, downgrading the key. The network the device is forced to connect to (the rogue network) will forward internet through it to another connection.

Reusing or recycling a nonce allows the attacker to decrypt and forge packets of information within the traffic stream, exposing user activity and data. This makes it "exceptionally trivial to manipulate and intercept traffic".

The site went on to warn that visiting only HTTPS-protected Web pages wasn't automatically a remedy for the risk.

In simpler terms, hackers can intrude on your network traffic. "The data transmitted by these devices could now be exposed". Such traffic will be encrypted on its own, and can not be read by the attacker. Vanhoef manages to steal the user's password and username. Home users advised to update their WiFi compatible devices including computers and smartphones. The researchers discovered that the WPA2 protocol does not guarantee each encryption key is only used once.

Even despite the news of a WPA2 hack as outlined at the top of this article, WPA2 is still said to be the most secure protocol. Vanhoef demonstrates such an attack by completely breaking the encryption on a connection between and Android device and the British website of, which did not set up HTTPS properly. The good thing is that all of this is patchable and can be fixed.

Other News

Trending Now

OC4: Oculus' Nate Mitchell On VR Hype - 'Expectations Got Ahead Of Themselves'
The Gear VR headset and controller will set you back £119 in the United Kingdom and still requires a high-end smartphone for use. Meanwhile, the release date of the Santa Cruz headset was something that Facebook executives at the show wouldn't commit to.

Piqué jeered by Spain fans after Catalan vote
Puigdemont said the low turnout was partly because many people wanted to vote, but were prevented by officials from doing so. Spain's interior minister said the 5,000 extra officers deployed to Catalonia would stay as long as necessary.

Astros vs. Red Sox 2017 live stream
The battered Red Sox left Minute Maid Park on Friday night looking like salmon swimming back upstream, ready to go home and die. The 30-year-old posted an 11-2 record on the road in the regular season, and he only gave 31 earned runs in his 17 road starts.

FIFA U-17 WC: President Wishes Black Starlets Well
The country's under-17 teams had enjoyed its best period during the 1990s, lifting the trophy in 1991 (Italy) and 1995 (Ecuador). This is just the start of the process. "I had told the team not to carry any baggage and not to play under any pressure".

Steelers back at home, ready for run-first Jaguars
The team is averaging only 3.2 yards per carry, which could be the ideal antidote for the Chargers' problems stopping the run. On Pittsburgh's next possession, the Steelers had second-and-10 from their 46 and used one receiver and three tight ends.

Hendricks outduels Strasburg, Cubs beat Nats
The first NLDS game this year is a contest between the defending World Series champion Chicago Cubs and the Washington Nationals . But I don't know, other than trying not to lose again, for me you realize you just got to get there".

Supreme Court takes up partisan redistricting case
By contrast, Roberts raised the specter of having the courts draw legislative and congressional district lines every decade. Some liberal justices wondered what would happen to voters if partisan gerrymandering made election results preordained.

Max Verstappen hoping for rain and not sandwiches at F1 Japanese GP
Hamilton re-joined in third, behind Daniel Ricciardo and Valtteri Bottas - both yet to change tyres. I'm really grateful the vehicle stuck in and I didn't make any mistakes".

Real Men Wear Pink campaign raises money for breast cancer awareness, research
Black women are twice as likely to be diagnosed with triple negative breast cancer , an aggressive form that's harder to treat. Local health officials want to see the mortality rate for breast cancer cut in half in the Tri-Cities over the next decade.

Ecuador 1 Argentina 3
Paulinho opened the scoring in the 55th minute, which was followed by Jesus strikes in the 57th and 90+3rd minutes. If Chile doesn't get a point, whichever team loses by less (or Chile if it's equal), takes fifth place.