Android Users: Be aware of Krack Attack
WiFi security flaw allows hackers to steal bank info, credit cards and other vital information
We often report on the latest security news and updates on the Mantralogix blog. Our primary goal is to always keep you up-to-date with the most recent vulnerabilities and security information, to educate and remind businesses across North America that they should always take extra precautions in this day and age.
In the last few weeks, a new security flaw known as “key reinstallation attacks,” or “Krack Attacks,” was found in the WPA2 WiFi encryption protocol. It potentially allows hackers to intercept your vital information, from credit card information to passwords, photos, and other highly sensitive personal information. The flaws are in the WiFi standard itself, not in specific products.
What does this mean?
Every single router, PC, and smartphone out in the universe is impacted, while Android 6.0 or higher and Linux devices are particularly vulnerable, according to the researchers who discovered Krack Attacks, KU Leuven University’s Mathy Vanhoef and Frank Piessens.
How does it work?
Attackers go after a particularly vulnerable WPA2 network and make a carbon copy of it. By impersonating its MAC address and then changing the WiFi channel, the fake network becomes a sort of “man in the middle”. When any other device attempts to connect to the original network, it is forced to bypass it and connect to the fake one.
To test out the hack, researchers did a “proof-of-concept” attack on Android devices. They decrypted all of the victim’s transmitted data. It’s important to note that this will “not work on a properly configured HTTPS site,” but can work on a “significant fraction” that lacks a proper setup. Windows, MacOS and other operating systems are also affected to a much lesser extent.
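The cloned network described above reuses the real access point's MAC address (BSSID) on a different channel, which gives defenders something to look for. The following is an added example, not code from the original post or from the researchers: it flags any BSSID seen on more than one channel within a short time window. The function name, the 30-second window and the scan records are constructed for illustration, and it assumes each legitimate radio keeps one channel per BSSID.

```python
from collections import defaultdict

# Constructed sample scan observations:
# (epoch seconds, BSSID, SSID, channel, signal in dBm)
SAMPLE_SCAN = [
    (1000, "aa:bb:cc:00:00:01", "OfficeNet", 6, -48),
    (1002, "aa:bb:cc:00:00:02", "OfficeNet-5G", 36, -55),
    (1003, "AA:BB:CC:00:00:01", "OfficeNet", 1, -40),  # same BSSID, other channel
    (1004, "aa:bb:cc:00:00:03", "Guest", 11, -70),
    (1900, "aa:bb:cc:00:00:03", "Guest", 1, -71),      # channel change 15 min later
]


def find_cloned_bssids(observations, window_s=30):
    """Return {bssid: sorted channels} for BSSIDs seen on more than one
    channel within window_s seconds of each other.

    A legitimate access point may move channels over time (auto-channel
    selection), so only near-simultaneous sightings are flagged.
    """
    by_bssid = defaultdict(list)
    for ts, bssid, _ssid, channel, _signal in observations:
        # MAC addresses are case-insensitive; normalise before grouping.
        by_bssid[bssid.lower()].append((ts, channel))

    flagged = {}
    for bssid, seen in by_bssid.items():
        seen.sort()
        channels = set()
        for i, (ts_i, ch_i) in enumerate(seen):
            for ts_j, ch_j in seen[i + 1:]:
                if ts_j - ts_i > window_s:
                    break  # later sightings are outside the window
                if ch_j != ch_i:
                    channels.update((ch_i, ch_j))
        if channels:
            flagged[bssid] = sorted(channels)
    return flagged


if __name__ == "__main__":
    for bssid, channels in find_cloned_bssids(SAMPLE_SCAN).items():
        print(f"possible cloned access point: {bssid} on channels {channels}")
```

A hit is a reason to investigate, not proof of an attack; feed the function with records exported from whatever wireless scanner or monitoring system you already run.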
What can you do?
As discussed in previous security-related posts, taking immediate action will help you avoid a terrible situation down the line. Another helpful tip is to turn off your WiFi on all Android devices until fixes are offered. Beyond that, make sure to keep safe by sticking only to proven HTTPS security. And remember that any hacker who would like to eavesdrop on your traffic or access your data has to be nearby to reach your network.
Where can you find more information?
For a more detailed look at the hack, check this FAQ from Aruba Networks. You can also contact us at Mantralogix for more information on how to stay safe.