Cyber attack 'Krack'
Many WLAN devices do not receive a security update
There is a potentially dangerous gap in the WLAN encryption WPA2. This is why more and more manufacturers are releasing their 'patches'. However, many devices will apparently never receive a patch, fears the discoverer of the gap.
Belgian security researcher Mathy Vanhoef, who discovered the serious 'Krack' vulnerability in encrypted Wi-Fi networks, assumes that many affected devices will never receive an update. "I'm pretty sure of that. And that is indeed a problem," said the computer scientist in the 'Tech News Weekly' podcast. He urges the owners of these faulty devices to contact the manufacturers and demand security updates. "If a lot of users complain, maybe something will happen." Smartphones with the Android operating system in particular are no longer supplied with updates by a number of manufacturers after just a few years.
Attackers can use the attack dubbed 'Krack' to break the WPA2 Wi-Fi encryption and thus eavesdrop on and manipulate data traffic in a Wi-Fi network.
Vanhoef has announced a tool that can be used to check whether your own smartphone is affected by the vulnerability or whether the error has already been closed by updating the system software. If the gap is still open, users should ensure that the connection is established via HTTPS when surfing the web. "Then all data is properly protected." However, he and his colleagues are also looking for ways to reduce the potential impact of a 'Krack' attack, says Vanhoef. This involves protecting devices that are not supplied with an update. "However, we are still working on this."
The Belgian security researcher points out that attackers could also carry out an attack from a greater distance: "You have to be within range of the network. However, there are special antennas that can be used to connect to a WiFi network from a greater distance." This would make it possible to launch the attack from a distance of two or even three kilometers.
Vanhoef says he is not aware that the hackers already have the tools to carry out the 'Krack' attack. "But it could be that someone has already written such a program and has not yet published it. Programming software that can carry out the attack requires some technical expertise. "It could therefore take some time before such a tool is programmed. But it also remains to be seen whether such a tool will then be made public. If it were available, many people could carry out a crack attack."
You might also be interested in
Wireless and yet secure
Until now, radio has hardly played a role in safety applications. The Berlin start-up R3 Communications wants to change this with 'EchoRing', a deterministic and highly reliable real-time radio system.
read more...Cyber defense directly in the mobile network
Only 53% of Germans have protection software against cyber attacks on their smartphone - despite the fact that the number of malware programs detected is increasing daily. Deutsche Telekom now wants to intercept threats in the mobile network with...
read more...Fujitsu takes over technical management
The EU project "Protecting Digital Industries" will be launched shortly. It aims to make the digital world more secure by enabling automated risk management of IoT systems. Fujitsu is responsible for the technical management.
read more...Experts warn of new botnet
Security service providers are warning of a new powerful botnet based on the code of the well-known malware 'Mirai'. Hundreds of thousands of devices are said to have already been infected.
read more...Security gap in WLAN encryption WPA2 plugged
One day after the security vulnerability in WLAN encryption became known, the first providers of devices and software have closed the vulnerability. Network technology specialists such as Cisco, Intel, Netgear and Aruba have released security...
read more...Cyber attacks in the 1st half of 2017
Every third attack targets the manufacturing sector
According to Kaspersky, around one in three cyberattacks on computers for industrial control systems in the first half of 2017 targeted companies in the manufacturing sector. Ransomware such as WannaCry played a major role in this.
read more...IT protection for critical infrastructures
BSI certifies first KRITIS security standard
The German Federal Office for Information Security (BSI) has certified the suitability of the first industry-specific IT security standard. It concerns the nationwide protection of critical infrastructures.
read more...WannaCry, Petya - just the tip of the iceberg?
According to a report by Trend Micro, the number of ransomware families detected in 2016 rose dramatically by around 750% compared to the previous year. Industrial control systems could also increasingly become the focus of blackmailers, according...
read more...BSI warns of cyber attacks on smartphones and laptops
The German Federal Office for Information Security (BSI) discovers an average of three critical vulnerabilities in the most widely used software products every day. This also increases the risk of cyber attacks.
read more...