Wireless Devices Subjected to Risk of Hacks with Wi-Fi Security Flaws
WiFi technology has become an indispensable part in our everyday lives. It has grown from a promising technology for tech-savvy early adopters to a must have for connected devices of all kind, as most of us are keen to tap into the wireless Internet from our offices and homes. At this point, researchers have revealed that there is a major flaw dubbed Key Reinstallation Attack (Krack) and Wifi connections used everywhere around the world are at risk.
Though modern higher-reliability Wi-Fi networks have their traffic encrypted by a protocol WPA or WPA-2, which protects data as it travels from a computer or smartphone to a router, if exploited, gives the attacker a skeleton key to access any WPA2 network without a password. When a system uses Wifi to connect to a router for instance, it goes through a four-step dialogue, whereby the two devices agree a key to use to secure the data being passed—called handshake. This attack starts by tricking a victim into reinstalling the live key by replaying a modified version of the original handshake. Meanwhile, a number of important set-up values can be reset, which renders certain elements of the encryption in a much weaker phase. Once they are in, they can hijack connections, and inject content into the network traffic stream. The bug represents a complete breakdown of the WPA2 protocol, for both personal and enterprise devices—positioning all the Wifi supported devices at risk.
Windows and the advanced versions of Apple’s iOS are greatly protected from the flaws, according to a researcher. To cite an example, few months back the ransomware attacks locked up computers worldwide, demanding payment from people and companies in return for renewed access to vital information and systems. However, with all these flaws the trend in Wi-Fi dependence is not slowing down, it is rather significantly increasing with greater consumer expectation.
By Debra Jensen, CIO, Charlotte Russe
By Phil Jordan, CIO, Telefonica
By Alberto Ruocco, CIO, American Electric Power
By Sven Gerjets, SVP-IT, DIRECTV
By Adrian Mebane, VP-Global Ethics & Compliance, The Hershey...
By Mike Fitton, Wireless Business Unit Director, Altera
By Jim Kaskade, VP and GM, Big Data & Analytics, CSC
By Graham Welch, Director-Cisco Security, Cisco
By Michael Watkins, Senior Product Director, Global Knowledge
By Nelson C. Vincent, EdD, VP for IT and CIO, University of...
By Sharon Gietl, VP-IT & CIO, The Doe Run Company
By Arnold Leap, CIO, 1-800-Flowers.com
By Gary Barlet, CIO, USPS OIG
By Mike Dieter, CTO, Transplace
By Bill Schimikowski, VP, Customer Experience, Fidelity...
By Kevin Kometer, CIO, CME Group
By John Landwehr, Public Sector CTO, Adobe
By Marc Probst, CIO & VP, Intermountain Healthcare
By Charles Koontz, President & CEO, GE Healthcare IT & Chief...
By Jeff Bauserman, VP-Information Systems & Technology,...