Are you still wondering how hackers can bypass encryption to steal your private data? It’s no longer a mystery. In a short YouTube video posted Monday 16 Oct., Mathy Vanhoef, a security researcher explained in details every possible way your transmitted data could have been intercepted by hackers.
Vanhoef says all communications through wireless devices, especially on Android phones, can be compromised through a flaw he recently discovered in WiFi authentication.
Surprisingly, the hack takes about four minutes to complete.
The security expert referred to his newest discovery as KRACK, an acronym for “key re-installation attack.”
As Vanhoef explained in a highly educative log post, KRACK is capable of reading data transmitted between a device and the wireless network – even if the network is protected with a password or encrypted.
KRACK can easily breach the security in Wi-Fi Protected Access 2 (WPA2) which, distressingly, has been the encryption protocol used by most individuals and corporate organizations.
If consumers are no longer safe with their password-protected and encrypted wireless networks, what’s next? Vanhoef explained that KRACK permits hackers “…to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos, and so on.”
He continued: “The attack works against all modern protected Wi-Fi networks. Depending on the network configuration, it is also possible to inject and manipulate data. For example, an attacker might be able to inject ransomware or other malware into websites.”
After a group of Belgian researchers – Mathy Vanhoef and Frank Piessens of Belgian university KU Leuven – claimed they’ve discovered the flaw on Monday, the U.S. Department of Homeland Security warned users to beware of cyber risks associated with the widely used system for securing Wi-Fi communications.
An alert from the DHS Computer Emergency Response Team advised individuals and companies to install vendor updates on affected products, such as routers provided by Cisco Systems Inc or Juniper Networks Inc.
WPA2, which secures modern Wi-Fi systems used by vendors for wireless communications between mobile phones, laptops and other connected devices with Internet-connected routers or hot spots, are prone to hacks. And every information means a lot to hackers.
“If your device supports Wi-Fi, it is most likely affected,” they said on the www.krackattacks.com website, which was set up to provide technical information about the flaw and methods hackers might use to attack vulnerable devices.
The group said in a statement that it had advised members to release patches quickly and recommended that consumers quickly install those security updates.
“We’re aware of the issue, and we will be patching any affected devices in the coming weeks,” a Google spokesperson told CNN Tech, according to a report from CBS Philly.
Microsoft said customers who have the latest Windows Update, launched last week, and applied the security updates, are automatically protected.
Apple confirmed the flaw has been patched on all its products and a fix will be available for everyone in the next few weeks.