Researchers at the University of Leuven (KU Leuven) in Belgium have discovered a severe flaw in the WPA2 protocol that enables hackers within range of a vulnerable device or access point to intercept passwords and other sensitive data presumed to be shielded by the Wi-Fi encryption protocol.
The researchers say the Key Reinstallation Attack (KRACK) exploit targets the core WPA2 protocol itself and can be waged against devices running Android, Linux, and OpenBSD.
KRACK attackers can deceive such devices to reinstall an all-zero encryption key instead of the actual key, forcing the client to reset packet numbers containing a cryptographic nonce and other parameters to their initial values. This causes the nonce to be reused in a manner that permits circumvention of encryption.
KU Leuven's Mathy Vanhoef warns the flaw also can be used to infect websites with ransomware or other malware, and the vulnerability will likely be most threatening to large corporate and government Wi-Fi networks.
From Ars Technica
View Full Article
Abstracts Copyright © 2017 Information Inc., Bethesda, Maryland, USA
No entries found