Security Flaw in WPA2
Category : Blog
Security Flaw in WPA2
Security flaw in WPA2, the security protocol for most modern WiFi systems could make it easily possible for the attackers to steal all sorts of sensitive data such as credit card numbers, passwords, emails etc – said by Researchers at Belgian university KU Leuven.
Wifi systems could be vastly affected by the WPA2 flaw.
In fact the security flaw also could permit an attacker to vaccinate or influence information in the system, depending on the network configuration – for example, inoculate ransomware or other malware into websites being used only because of the security flaw.
Widespread Impact
According to the researchers, a sequence of susceptibilities was found in Android, Linux, Apple, Windows, OpenBSD, MediaTek, Linksys and other systems. Users will have to update affected products the moment patches become available, to fix the issue.
The research has been presented at the ACM Conference on Computer and Communication Security, which took place from October 30 to November 3 in Dallas, and will have its presence at the Black Hat Europe conference in December.
According to the company, it was wise to withdraw from disclosing the flaw in order to sanction other vendors some more time to develop and release updates.
As a proof of concept, the DistriNet researchers implemented a significant reinstallation attack (KRACK) against an Android smartphone, stating that Linux and Android 6.0 or higher were predominantly susceptible. Both operating systems can be conned into reinstalling an all-zero encryption key.
The focal attack is against the four-way handshake of the WPA2 protocol, according to the researchers. The handshake takes place when a user wishes to join a secure WiFi network and the protocol is used to approve that the client and access point have the accurate credentials.
Most Popular Training Courses at Indian Cyber Security Solutions
Summer Training for CSE, IT, BCA & MCA Students
Network Penetration Tester Training
Diploma in Web Application Security
Certified Web Application Penetration Tester