A host of technology vendors including Microsoft, Cisco, Google, and Apple were moving to address a newly discovered vulnerability that allows attackers to eavesdrop on network traffic.

Researchers this week disclosed a serious weakness in the WPA2 protocol that lets attackers within range of a vulnerable device or access point intercept data and in some cases inject ransomware or other malware onto a Website a user is visiting, according to published reports.

The vulnerability is called KRACK (for Key Reinstallation Attacks). According to researchers at Belgian university KU Leuven, serious weaknesses in WPA2—a protocol that secures all modern protected Wi-Fi networks—allow an attacker within range of a victim to read information that was previously assumed to be safely encrypted. They said attacks can be used to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos, and other data. The attack method works against all modern protected Wi-Fi networks, the researchers said.

The CERT Division of the Software Engineering Institute (SEI) at Carnegie Mellon University said attacks may include arbitrary packet decryption and injection, TCP connection hijacking, or HTTP content injection.

The Wi-Fi Alliance, which provides security information for Wi-Fi devices, said the issue can be resolved through straightforward software updates, “and the Wi-Fi industry, including major platform providers, has already started deploying patches to Wi-Fi users. Users can expect all their Wi-Fi devices, whether patched or unpatched, to continue working well together.”
