Wireless Devices Subjected to Risk of Hacks with Wi-Fi Security Flaws
WiFi technology has become an indispensable part in our everyday lives. It has grown from a promising technology for tech-savvy early adopters to a must have for connected devices of all kind, as most of us are keen to tap into the wireless Internet from our offices and homes. At this point, researchers have revealed that there is a major flaw dubbed Key Reinstallation Attack (Krack) and Wifi connections used everywhere around the world are at risk.
Though modern higher-reliability Wi-Fi networks have their traffic encrypted by a protocol WPA or WPA-2, which protects data as it travels from a computer or smartphone to a router, if exploited, gives the attacker a skeleton key to access any WPA2 network without a password. When a system uses Wifi to connect to a router for instance, it goes through a four-step dialogue, whereby the two devices agree a key to use to secure the data being passed—called handshake. This attack starts by tricking a victim into reinstalling the live key by replaying a modified version of the original handshake. Meanwhile, a number of important set-up values can be reset, which renders certain elements of the encryption in a much weaker phase. Once they are in, they can hijack connections, and inject content into the network traffic stream. The bug represents a complete breakdown of the WPA2 protocol, for both personal and enterprise devices—positioning all the Wifi supported devices at risk.
Windows and the advanced versions of Apple’s iOS are greatly protected from the flaws, according to a researcher. To cite an example, few months back the ransomware attacks locked up computers worldwide, demanding payment from people and companies in return for renewed access to vital information and systems. However, with all these flaws the trend in Wi-Fi dependence is not slowing down, it is rather significantly increasing with greater consumer expectation.
By Chris Tjotjos, VP, Cisco Solutions Practice, Black Box...
By Laura Jackson, Sr. Manager-Risk Management, ABS Consulting
By Jason Cradit, VP of Information Systems, Willbros Group
By Steve Garske, Ph.D., Senior Vice President & Chief...
By Roman Trakhtenberg, CEO, Luxoft
By Renee P Wynn, CIO, NASA
By Mike Morris, CIO, Legends
By Louis Carr, Jr., CIO, Clark County
By Andrew Macaulay, CTO, Topgolf Entertainment Group
By Dominic Casserley, President and Deputy CEO, Willis...
By Dave Nelson, SVP-Portfolio Lead, Avanade, Inc.
By Michael Cross, SVP & CIO, CommScope Holding Company Inc.
By Pauly Comtois, VP DevOps, Hearst Business Media
By Dan Adam, CIO, Extreme Networks
By Matt Schlabig, CIO, Worthington Industries
By David Tamayo, CIO, DCS Corporation
By Scott Cardenas, CIO, City and County of Denver
By Marc Kermisch, VP & CIO, Red Wing Shoe Co.
By Brian Drozdowicz, VP, Digital Services, Siemens...
By Les Ottolenghi, EVP and CIO, Caesars Entertainment