
Wednesday, October 25, 2017

It's So Risky to Use Wi-Fi at Airports and Railway Stations. But Why?


The next time you visit an airport or railway station, remember that browsing the web over a public Wi-Fi hotspot or wireless network may leave you vulnerable to cyber attacks.

“Successful exploitation of these vulnerabilities allows an attacker to obtain sensitive information such as credit card numbers, passwords, chat messages, emails etc,” CERT-in said.

The government agency Indian Computer Emergency Response Team (CERT-in) has rated the vulnerability quotient of public Wi-Fi in the country as ‘high’. It warned the public against using public Wi-Fi and suggested a VPN (virtual private network) and wired networks instead. The organization’s announcement comes after Mathy Vanhoef, a security expert at the Belgian university KU Leuven, recently found the weakness in the wireless security protocol WPA2 and published details of the flaw.


WPA2 is a protocol that secures all modern protected Wi-Fi networks.

What does Vanhoef’s report say?

An attacker within range of a victim can exploit the weaknesses in WPA2 using key reinstallation attacks (KRACKs) to read information that was previously assumed to be safely encrypted. Information such as credit card numbers, passwords, chat messages, emails, and photos can be stolen. Depending on the network configuration, it is also possible to inject and manipulate data. For example, an attacker might be able to inject ransomware or other malware into websites. Android, Linux, Apple, Windows, OpenBSD, MediaTek, Linksys, and others are all affected by some variant of the attacks.

How does it work?

In this novel attack technique, an already-in-use key is reinstalled, and the key is then reset, which allows the encryption protocol to be attacked.

When a device such as a laptop or smartphone connects to a Wi-Fi network, the two devices carry out a four-way handshake (a network authentication protocol). For example, the process involves confirming that the user’s phone has the right password to connect to the network. The attack reinstalls an already-in-use key, which then resets the key and allows the encryption protocol to be attacked.
What should you do to protect your device from cyber attack?

To prevent the attack, users must update affected products as soon as security updates become available. Note that if your device supports Wi-Fi, it is most likely affected, the report says.

