WPA2 Vulnerability Threatens Healthcare Network Security


This newly discovered weakness in the Wi-Fi security protocol puts almost every connected device at risk.

Affecting all Wi-Fi devices in both personal and enterprise settings, the weakness exposes data sent over the network, such as shared credit card details, passwords, messages, emails, and photos.

Dubbed KRACK, or Key Reinstallation Attacks, the weakness affects "all modern protected Wi-Fi networks", researcher Mathy Vanhoef wrote of his findings.

To exploit the vulnerability, a cybercriminal would have to launch a man-in-the-middle (MitM) attack against a WPA2-protected Wi-Fi network from within physical range of the target device. The attack is apparently "exceptionally devastating against Linux and Android 6.0 or higher". Microsoft says that it released a security fix on October 10, so anyone on the latest version of Windows 10 will be protected. By spamming a network with authentication requests, an attacker could look at all the responses and draw conclusions about the content of the keys, thereby breaking the network's protections. The Computer Emergency Readiness Team has a running list of hardware vendors that are known to be affected, as well as links to available advisories and patches.

According to the Wi-Fi Alliance, the issue can be resolved through software updates, and the software industry has already started providing patches to improve WPA2 encryption. "Else, you could just use LAN for some time", he says, adding that HTTPS traffic will still be hard to intercept with this kind of an attack.

Although this isn't a surefire way to protect yourself from an attack, it's a good idea to stay away from public Wi-Fi networks until the issue has been completely mitigated.

For users, the best they can do for the moment is to wait for the router manufacturers and ISPs to come up with an effective patch in the form of firmware updates to remedy the situation.

As I've previously written, the padlock indicates that traffic to and from a site is encrypted via the HTTPS protocol, which basically means no one but that site can read any sensitive information you share. Apple, Android and Windows software are all susceptible to some version of the vulnerability, which is not fixed by changing Wi-Fi passwords. "Users can expect all their Wi-Fi devices, whether patched or unpatched, to continue working well together".