Wifi Security Protocol WPA2 At Risk Of Man-in-the Middle Attack
If you don’t already know, a new wifi threat discovery was announced last Monday and this attack could gain momentum.
If you have wireless access points (AP) in your office or at home, please check if there are any patches to update.
If all updates are in order, you can check if the security setting on the AP is being configured to WPA2. If so, this is where the new risk comes in.
According to Mathy Vanhoef and Dan Goodin, a security editor at Ars Technica, the risk posed by WPA2 has several angles. One of them seems disturbing.
1. Attackers using a hacking tool known as KRACK can decrypt encrypted data transmitted out from the hacked AP
2. After the first step in completed, attackers using another tool known as SSLstrip to disabled https of the website a user visits! This is the disturbing one!
You might be asking what should you do if you use wireless AP in your home or work environment?
Checking patches for update.
You could consider changing security protocol. Such as switching to WEP (though in theory, this might not be as useful since WPA2 is a higher standard protection than WEP. Ability to break the former logically means it is easier to break the latter).
You could also consider using VPN. Another advice could be to avoid using wireless and switch to cable on your PCs or notebooks. This might be difficult for most smartphones and tablets.
If necessary, ask your IT colleagues for further advice.
Here is the video which demonstrates the hacking process. Stay safe.