New Delhi, Oct 17: You have been using your Wi-Fi believing that the password you set keeps it protected. But, according to a new revelation, your Wi-Fi is still unsafe.
Your password-protected Wi-Fi connection could be vulnerable to trespassing. Researchers Mathy Vanhoef and Frank Piessens from Belgium's KU Leuven University claim to have discovered a weakness in a Wi-Fi security protocol called WPA2 that leaves password-protected Wi-Fi connections open to cyber-attacks and manipulation. The possible ramifications of the startling discovery stretch worldwide, from Allahabad to Auckland.
According to a report in "The Times of India", the researchers tested this loophole with an attack and wrote about it in a blog on Monday. They found the attack "works against all modern protected Wi-Fi networks" and against 41% of all Android devices.
Device and OS vendors are currently working on security updates.
Cybersecurity experts say that executing such an attack is difficult, and the chances of it happening on a private connection are low. However, the vulnerability is too severe to be ignored, and, just to be safe, one could use a wired (LAN) connection instead of Wi-Fi until vendors issue a firmware update. Neither the researchers nor the Wi-Fi Alliance, which works on setting global Wi-Fi standards, has yet found any evidence of malicious exploitation of this vulnerability.
The attack used to demonstrate this vulnerability is called a Key Reinstallation Attack, abbreviated to KRACK. This kind of attack does not rely on password guessing. The researchers reported the issue in July to the US Computer Emergency Readiness Team Coordination Center and the Wi-Fi Alliance. On Monday, Vanhoef posted the details of the KRACK vulnerability, along with dos and don'ts for users, on a website called krackattacks.com. The researchers have advised Wi-Fi users to contact their vendors for updates. Importantly, Vanhoef has advised users to "keep using WPA2" and not use less secure modes of connection.
Cybersecurity expert Manish Bhattacharya says that the attack, or "exploit", as detailed by the Belgian researchers is difficult to execute. "It is difficult to implement. Also, in a private space, 'exploit' chances are low since the attacker will have to be within range. But one would need to be careful about using public Wi-Fi," says Bhattacharya, who is also a "bug bounty" hunter.