Major WiFi vulnerability found in WPA2 protocol, affecting many devices

WiFi is arguably one of the most pervasive wireless protocols around, but a security researcher has discovered a flaw in the WPA2 security standard used in most modern devices.

The discovery was made by Mathy Vanhoef — so what does it entail?

“An attacker within range of a victim can exploit these weaknesses using key reinstallation attacks (KRACKs). Concretely, attackers can use this novel attack technique to read information that was previously assumed to be safely encrypted,” read an excerpt of a post on the KRACK Attacks website.

The post added that this technique could be used to obtain credit card information, passwords, photos, emails and other personal information.

And no, changing the WiFi password would have no effect, as the password isn't needed to carry out the attack.

A WiFi vulnerability affecting the WPA2 protocol puts millions of devices at risk

“Note that if your device supports WiFi, it is most likely affected. During our initial research, we discovered ourselves that Android, Linux, Apple, Windows, OpenBSD, MediaTek, Linksys, and others, are all affected by some variant of the attacks.”

As for Android phones? The research found the technique was especially effective against devices running Android 6.0 and higher, accounting for half of all Android phones on the market.

Does this mean a new WiFi security protocol is needed? Fortunately, not.

“…luckily implementations can be patched in a backwards-compatible manner. This means a patched client can still communicate with an unpatched access point (AP), and vice versa,” the research FAQ notes, adding that users need to update their devices.

Vanhoef also cautions users to keep using WPA2 rather than older WiFi security protocols.

Featured image: Mike Mozart via Flickr (CC-BY 2.0, resized)
