WPA2 Security has been compromised! Your routers may no longer be safe from hackers and malware attacks.
There are various ways to protect a wireless network. Some are generally secure than others. Some, such as WEP (Wired Equivalent Privacy),are easily crackable and hence are out of date. We also would never recommend it as a way to keep intruders away from private networks. Now, a new study has made way in the International Journal of Information and Computer Security. It reveals that one of the previously strongest wireless security systems, Wi-Fi protection access 2 (WPA2) can also fall pray to hacks on wireless local area networks (WLANs).
Researchers claim to have found high-severity vulnerabilities in WPA2 (Wi-Fi Protected Access II). Surely a popular security protocol used by nearly every router on the planet. The vulnerabilities could potentially allow anyone near your router to eavesdrop on the Wi-Fi traffic transmissions in addition to network related activities.
Achilleas Tsitroulis of Brunel University, U.K. Dimitris Lampoudis of the University of Macedonia, Greece and Emmanuel Tsekleves of Lancaster University, U.K. have come together. They discover the vulnerabilities in WPA2 and present its weakness. This wireless security system might now be breached with relative ease by a malicious attack on a network. They suggest that it is now a matter of urgency that security experts and programmers work together to remove the vulnerabilities in WPA2 in order to bolster its security or to develop alternative protocols to keep our wireless networks safe from hackers and malware.
More details will be out at 8am EST (5:30pm IST) on Monday. The info will come with the CVEs about the vulnerabilities publication at the time. Meanwhile other details on a dedicated site called krackattacks.com, nomenclature after the proof-of-concept attack called KRACK (Key Reinstallation Attacks).
An advisory hand out by the US CERT (Computer Emergency Readiness Team), and obtained by Ars Technica, highlights the issue that will come to light on Monday.
US-CERT has become aware of several key management vulnerabilities in the 4-way handshake of the Wi-Fi Protected Access II (WPA2) security protocol. The impact of exploiting these vulnerabilities includes decryption, packet replay, TCP connection hijacking, HTTP content injection, and others. Note that as protocol-level issues, most or all correct implementations of the standard will be affected. The CERT/CC and the reporting researcher KU Leuven, will be publicly disclosing these vulnerabilities on 16 October 2017.