WPA2 Vulnerability Threatens Healthcare Network Security

Share

This newly discovered weakness in the Wi-Fi security protocol puts almost every connected device at risk.

Affecting all Wi-fi tools in both individual and enterprise area, this reveals data such as a shared credit card, password, message, email, and photos on network.

Dubbed KRACK, or Key Reinstallation Attacks, the weakness affects "all modern protected Wi-Fi networks", researcher Mathy Vanhoef wrote about his findings.

To exploit the vulnerability, a cybercriminal would have to launch a man-in-the-middle (MitM) attack against a WPA2-protected Wi-Fi network from within physical range of the target device. This is important because the attack is apparently "exceptionally devastating against Linux and Android 6.0 or higher". Microsoft says that it released a security fix on October 10, so anyone on the latest version of Windows 10 will be protected. By spamming a network with authentication requests, a hacker could look at all the responses and draw a conclusion about the content of the keys, thereby breaking its protections. The Computer Emergency Readiness Team has a running list of hardware vendors that are known to be affected by this, as well as links to available advisories and patches.

More news: ISIS Seige Ends in Marawi as Trump Announces Duterte Visit in Philippines
More news: Australia stands unflinching amid North Korea's nuclear threats
More news: Oil rig blast on Louisiana lake leaves man missing, 7 people hurt

According to the Wi-Fi Alliance, the issue can be resolved through software updates, and the software industry has already started providing patches to improve WPA2 encryption. "Else, you could just use LAN for some time", he says, adding that HTTPS traffic will still be hard to intercept with this kind of an attack.

Although this isn't a surefire way to protect yourself from an attack, it's a good idea to stay away from public Wi-Fi networks until the issue has been completely mitigated.

For users, the best they can do for the moment is to wait for the router manufacturers and ISPs to come up with an effective patch in the form of firmware updates to remedy the situation.

As I've previously written, the padlock indicates that traffic to and from a site is encrypted - via the HTTPS protocol- which basically means no one but that site can read any sensitive information you share. Apple, Android and Windows software are all susceptible to some version of the vulnerability, which is not fixed by changing Wi-Fi passwords. "Users can expect all their Wi-Fi devices, whether patched or unpatched, to continue working well together".

Share