Customers who apply the update, or have automatic updates enabled, will be protected."Ĭisco also said it had published a security advisory to detail which products are affected, and a blog to help customers better understand the issue. Microsoft confirmed it had rolled patches out already: "We have released a security update to address this issue. A Google spokesperson wrote in an email to Forbes: "We're aware of the issue, and we will be patching any affected devices in the coming weeks." The US Computer Emergency Response Team (CERT) has released an advisory, which notes a number of affected vendors, including Cisco, Intel and Samsung, amongst many other major tech providers.Ī range of vendors have promised updates are already available or will be soon. Given the range of devices affected, it's almost guaranteed patches won't make it to everyone. He recommended users get in touch with the relevant vendors to find out when patches are coming. Indeed, Vanhoef said it's more urgent for general users to patch their personal devices, whether phones, PCs or any smart device, be they watches, TVs or even cars. Note that devices such as laptops and smartphones will require updates as well as routers. For now, it looks as if some manufacturers are pushing out updates, which should go some way to preventing attacks. It turns out that in WPA2, it's possible for an attacker to manipulate the handshakes so that the keys can be reused and messages silently intercepted.įor that reason, users may want to be wary of using Wi-Fi at all until patches are widely rolled out. Every key should be unique and not re-usable, but a flaw in WPA2 means a hacker can tweak and replay the "handshakes" carried out between Wi-Fi routers and devices connecting to them during those handshakes, encryption keys made up of algorithmically-generated, one-time-use random numbers are created. More specifically, the KRACK attack sees a hacker trick a victim into reinstalling an already-in-use key. What's behind the vulnerability? It affects a core encryption protocol, Wi-Fi Protected Access 2 (WPA2), relied on by most Wi-Fi users to keep their web use hidden and secret from others. For example, an attacker might be able to inject ransomware or other malware into websites." Depending on the network configuration, it is also possible to inject and manipulate data. The attack works against all modern protected Wi-Fi networks. ![]() Vanhoef's description of the bug on his KRACK website is startling: "This can be abused to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos, and so on. ![]() Researcher Mathy Vanhoef, from Belgian university KU Leuven, released information on his hack, dubbing it KRACK, for Key Reinstallation Attack.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |