Wireless Devices Subjected to Risk of Hacks with Wi-Fi Security Flaws
WiFi technology has become an indispensable part in our everyday lives. It has grown from a promising technology for tech-savvy early adopters to a must have for connected devices of all kind, as most of us are keen to tap into the wireless Internet from our offices and homes. At this point, researchers have revealed that there is a major flaw dubbed Key Reinstallation Attack (Krack) and Wifi connections used everywhere around the world are at risk.
Though modern higher-reliability Wi-Fi networks have their traffic encrypted by a protocol WPA or WPA-2, which protects data as it travels from a computer or smartphone to a router, if exploited, gives the attacker a skeleton key to access any WPA2 network without a password. When a system uses Wifi to connect to a router for instance, it goes through a four-step dialogue, whereby the two devices agree a key to use to secure the data being passed—called handshake. This attack starts by tricking a victim into reinstalling the live key by replaying a modified version of the original handshake. Meanwhile, a number of important set-up values can be reset, which renders certain elements of the encryption in a much weaker phase. Once they are in, they can hijack connections, and inject content into the network traffic stream. The bug represents a complete breakdown of the WPA2 protocol, for both personal and enterprise devices—positioning all the Wifi supported devices at risk.
Windows and the advanced versions of Apple’s iOS are greatly protected from the flaws, according to a researcher. To cite an example, few months back the ransomware attacks locked up computers worldwide, demanding payment from people and companies in return for renewed access to vital information and systems. However, with all these flaws the trend in Wi-Fi dependence is not slowing down, it is rather significantly increasing with greater consumer expectation.
By Michael Cockrill, CIO, State of Washington
By Brett Shockley, SVP & CIO, Avaya
By Sven Gerjets, SVP-IT, DIRECTV
By Steve Moyer, VP of Storage Software Engineering, Micron...
By Michelle R. McKenna-Doyle, SVP and CIO, National Football...
By Patrick Hale, CIO, VITAS Healthcare
By Roman Trakhtenberg, CEO, Luxoft
By Julia Davis, SVP, CIO, Aflac
By Chris Westlake, VP & GM of Service,RK
By Pauly Comtois, VP DevOps, Hearst Business Media
By Yanni Charalambous, VP & CIO, Occidental Petroleum...
By Bob Brown, VP-Production & Operations, ONE World Sports
By Arthur Hu, SVP & CIO, Lenovo
By Ron Guerrier, CIO, Farmers Insurance Group, Inc.
By Scott Cardenas, CIO, City and County of Denver
By Kevin McCarron, Vice President Collaboration, Carousel...
By Marc Kermisch, VP & CIO, Red Wing Shoe Co.
By Christopher Frenz, AVP of Information Security,...
By Brian Drozdowicz, VP, Digital Services, Siemens...
By Les Ottolenghi, EVP and CIO, Caesars Entertainment