Mathy Vanhoef, a Postdoctoral Researcher in Computer Security at KU Leuven, recently published a video demonstrating a severe vulnerability in WPA2 networks (clickable link).
What is Krack?
WPA2 is the standard protocol for accessing wireless networks. Krack is a vulnerability that targets devices using this protocol. The video demonstrates how this vulnerability could be exploited to allow the hacker to access sensitive information on Android and Linux devices. This type of exploit is referred to as a “Man in the Middle Attack”. The attackers place themselves in the middle of a device and the router, allowing them to eavesdrop on said device’s web traffic. This could potentially allow an attacker to have access to any sensitive information entered on a web form, such as passwords and credit card information.
How to protect yourself?
This vulnerability is exclusive to wireless networks, so we recommend avoiding public Wi-Fi networks for the time being. Restaurants and stores that offer free Wi-Fi to the public would be the main networks to avoid. Any public network that receives a large amount of web traffic will be the first networks targeted by this exploit. If your computer at home uses Wi-Fi, consider running an Ethernet cable from your computer to the router. Expect to receive notice of a firmware update from your router’s manufacturer in a few days and update your router as soon as possible.
How to know if you are accessing a potentially dangerous website?
In the video, Vanhoef uses his script to target Match.com. Around the 3:08 mark, you will notice after the script was ran the ‘https’ disappeared. This is very serious. When ‘https’ is not appended to a website, the information entered into the site is not encrypted. This means the hacker who set up the vulnerability can see exactly what information a user puts into a website. A good rule of thumb is to check for the ‘https’ anytime you are about to put sensitive information into a website, such as a username/password, credit card information, or addresses information. A secure site should be configured not to serve an ‘http’ or unencrypted version of ‘https’ content. This means if you are targeted and get redirected to a site which has been ‘stripped’ of its SSL certificate (the ‘s’ in ‘https’), the website should not display any content. As we saw in the video, after https://uk.match.com was stripped to uk.match.com, the site was still being served to users.
Do you have further questions or concerns regarding this topic? Please don't hesistate to reach out to a team member at Juvo Web by emailing: firstname.lastname@example.org or simply calling us at 405-334-4317. We want to make sure you are taken care of and understand the appropriate precautions to take! - Juvo Team