The new attack was named KRACK, which is short for “Key Reinstallation AttaCKs”. The attack was detected by Dr. Mathy Vanhoef, a data security specialist, a research fellow at the University of Leuven. The details of this attack were accurately provided by Dr. Vanhoefa on the Krackattacks.com website, but we will explain what the attack is, and why it is dangerous for everyone on the wireless network. We will also tell you what countermeasures can be taken to minimize the risk that we will become a target.
The main problem with the KRACK attack is that vulnerabilities are detected in the WPA2 protocol itself, not in specific devices. This means that vulnerable networks are practically all networks using key encryption using WPA2. Potential attackers may use a read-only vulnerability that should be encrypted with the correct implementation of the protocol. Depending on the configuration of the network, it is possible not only to eavesdrop on the seemingly protected network but also to infect it and manipulate data. The following video shows the course of this attack.
The details of the vulnerability have not been revealed for the time being, mainly because it does not facilitate the cybercrime task. But there is nothing to delude. As it is already known that there is a very “promising” gap in such commonly used protocol as WPA – criminals will try to quickly get to know about it.
How can we defend ourselves? First and foremost, an attack is very difficult when you use a network that exchanges encrypted information. For example, if we use the internet over a wireless network, we should only use services that send encrypted (HTTPS) information, which makes it difficult to listen to broadcasts, even if someone has access to our network.
This is, of course, a half-measure. A much better solution is to update the firmware of the router. Manufacturers of these devices already know the problem and are working on appropriate code fixes to counter the vulnerabilities exploited. Nevertheless, it takes time. You should monitor the manufacturer’s website of your router to verify that new software is available for your router model. If so, update soon.