Rechercher
Contactez-nous Suivez-nous sur Twitter En francais English Language
 

Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN

Vulnérabilités

Unsubscribe

Security Protocol That Protects Majority of Wi-Fi Connections Has Been Hacked: How to Protect Yourself

October 2017 by Marty Kamden, CMO of NordVPN

The security protocol currently used to protect the vast majority of Wi-Fi connections has just been broken – meaning that hackers who are within physical range of someone’s home can crack anyone’s Wi-Fi password, spy on their Internet activity and intercept any unencrypted data streams.

This is due to a severe flaw in WPA2 protocol, and the proof-of-concept exploit is called KRACK (Key Reinstallation Attacks). It allows hackers to eavesdrop on any Wi-Fi traffic passing between computers and access points.

The US-CERT has recently distributed an advisory to about 100 organizations, warning that the discovered weakness can allow an attacker to decrypt network traffic from a WPA2-enabled device and hijack connections. Depending on the network configuration, it is also possible hackers could inject and manipulate data.
The attack works by exploiting a four-way handshake used to establish a key for traffic encryption. During the third step of the process, the supposedly unique key can be resent multiple times. If a hacker can get it resent in a certain way, they can reuse it in a manner that completely undermines the encryption.

“Past experience shows that these types of vulnerabilities don’t get easily fixed,” said Marty Kamden, CMO of NordVPN. “Home Wi-Fi users are especially vulnerable, as they do not have enough information how to deal with the threat. ISPs can take years to switch to routers with a safer protocol. That’s another situation where users should take their Internet security into their own hands. Everyone should assume that their network is now vulnerable, and take precautions. Virtual Private Networks – VPNs – remain the strongest defense form these types of vulnerabilities.”

A VPN will add an extra layer of security on the entire device by rerouting one’s online data through a ‘tunnel’ secured with military-grade encryption, ensuring that no third parties can eavesdrop on it. However, a VPN will not help if configured on one’s router. A user’s devices must be connected to VPN from within your network.

“Internet users should also look for firmware patches for their routers. Depending on their configurations, they could be potentially exploited,” added Marty P. Kamden.


See previous articles

    

See next articles


Your podcast Here

New, you can have your Podcast here. Contact us for more information ask:
Marc Brami
Phone: +33 1 40 92 05 55
Mail: ipsimp@free.fr

All new podcasts