Tutorials/Tips

What you need to know about KRACK vulnerability

This week security researchers announced a newly discovered vulnerability dubbed KRACK, which affects several common security protocols for Wi-Fi, including WPA (Wireless Protected Access) and WPA2. This is a bad vulnerability in that it likely affects billions of devices, many of which are hard to patch and will remain vulnerable for a long time. Yet in light of the sometimes overblown media coverage, it’s important to keep the impact of KRACK in perspective: KRACK does not affect HTTPS traffic, and KRACK’s discovery does not mean all Wi-Fi networks are under attack. For most people, the sanest thing to do is simply continue using wireless Internet access.

The limited privacy goals of WPA:

It’s worth taking a step back and remembering why a cryptographic protocol like WPA was developed to begin with. Before the advent of Wi-Fi, computers typically connected to their local Internet access point (e.g. a modem) using a physical wire. Traditional protocols like Ethernet for carrying data on this wire (called the physical layer) were not encrypted, meaning an attacker could physically attach an eavesdropping device to the wire (or just another computer using the same wire) to intercept communications.

Related Post:  Robotic Process Automation for Professionals

Most people weren’t too worried about this problem; physically attaching a device is somewhat difficult, and important traffic should be encrypted anyways at a higher layer (most commonly a protocol like TLS at the transport layer). So Ethernet was unencrypted, and remains so today.

Related Post:  How Artificial Intelligence is influencing the gaming world

With wireless protocols it became much easier to eavesdrop on the physical layer. Instead of attaching a device to a specific wire, you just need an antenna somewhere within range. Continue reading

KRACK attack

Please share:

We Recommend These Services

Register now for Big Data & AI Conference, international Big Data and AI conference in Dallas, TX (USA), June 27 - 29, 2019

Reasons to use control panel for your server

Register for the End-to-end Machine Learning with TensorFlow on Google Cloud Platform workshop. It will be conducted by the manager of Google's Cloud AI Advocacy team

Launch an SSD VPS in Europe, USA, Asia & Australia on Vultr's KVM-based Cloud platform starting at $5:00/month (15 GB SSD, 768 MB of RAM).


Leave a Comment

Your email address will not be published. Required fields are marked *

*