What is WiFi Security Risk KRACK
KRACK is a security flaw that exposed a weakness in Wi-Fi networks around the world. The attack has been successful against all devices, but notably against Android ones. KRACK affects the WPA2 protocol used to secure Wi-Fi. The flaw was identified by Mathy Vanhoef, who named it KRACK, which stands for Key Reinstallation Attack.
Some statements about the KRACK flaws –
- According to University of Surrey Prof Alan Woodward –
This is a flaw in the standard, so potentially there is a high risk to every single wi-fi connection out there, corporate and domestic.
- According to US-CERT –
US-CERT has become aware of several key management vulnerabilities in the four-way handshake of Wi-Fi Protected Access II (WPA2) security protocol.
- According to Microsoft Officials –
The Microsoft Security Response Center (MSRC) investigates all reports of security vulnerabilities affecting Microsoft products and services, and provides the information here as part of the ongoing effort to help you manage security risks and help keep your systems protected.
Microsoft fixed the issue related to the KRACK flaws on 10th October 2017. Some more facts about the security risk are explained below. A spoofing vulnerability exists in the Windows implementation of wireless networking. An attacker who successfully exploited this vulnerability could potentially replay broadcast and/or multicast traffic to hosts on a WPA or WPA2-protected wireless network.
Multiple conditions would need to be met in order for an attacker to exploit the vulnerability – the attacker would need to be within physical proximity of the targeted user, and the user's computer would need to have wireless networking enabled. The attacker would then need to execute a man-in-the-middle (MitM) attack to intercept traffic between the target computer and the wireless access point. The security update addresses the vulnerability by changing how Windows verifies wireless group key handshakes.
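The following is an added example, not code from the original article and not the Windows implementation. It is a simplified model of why reinstalling an already-installed group key lets old broadcast frames be accepted again, and of one mitigation (ignoring a reinstall of the same key). The class name, the `ignore_reinstall` flag, the key bytes and the packet numbers are all constructed for illustration.

```python
# Simplified model of a client's receive state for the WPA2 group key.
# Not real 802.11 code: names, key bytes and frames are constructed samples.

class GroupKeyReceiver:
    def __init__(self, ignore_reinstall):
        # True models the hardened behaviour, False the vulnerable one.
        self.ignore_reinstall = ignore_reinstall
        self.gtk = None
        self.last_pn = -1  # highest packet number accepted under the current key

    def install_gtk(self, gtk):
        """Handle a group key handshake message that carries `gtk`."""
        if self.ignore_reinstall and gtk == self.gtk:
            return False      # same key is already installed: keep replay state
        self.gtk = gtk
        self.last_pn = -1     # installing a key resets the replay counter
        return True

    def receive(self, pn, payload):
        """Accept a broadcast frame only if its packet number is fresh."""
        if pn <= self.last_pn:
            return False      # replayed or stale frame is dropped
        self.last_pn = pn
        return True


def run_scenario(ignore_reinstall):
    """Return accept/reject decisions for a constructed frame sequence."""
    gtk = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed key
    rx = GroupKeyReceiver(ignore_reinstall)
    rx.install_gtk(gtk)
    # Three legitimate broadcast frames with increasing packet numbers.
    results = [rx.receive(pn, b"broadcast-%d" % pn) for pn in (0, 1, 2)]
    # A retransmitted handshake message delivers the same group key again.
    rx.install_gtk(gtk)
    # An old frame (packet number 1) arrives again, then a fresh one.
    results.append(rx.receive(1, b"broadcast-1"))
    results.append(rx.receive(3, b"broadcast-3"))
    return results


if __name__ == "__main__":
    print("vulnerable:", run_scenario(ignore_reinstall=False))
    print("hardened:  ", run_scenario(ignore_reinstall=True))
```

The fourth entry in each result is the replayed frame: the vulnerable receiver accepts it because the reinstall reset its counter, while the hardened receiver rejects it and still accepts the fresh frame that follows.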