Cyber attack 'KRACK'
Security gap in WLAN encryption WPA2 plugged
One day after the security vulnerability in WLAN encryption became known, the first providers of devices and software have closed the vulnerability. Network technology specialists such as Cisco, Intel, Netgear and Aruba have released security updates.
At Microsoft, the security gap has already been taken into account in the recently released software updates. Apple closed the gap in the current beta versions of its operating systems, which should be available to everyone soon.
The attack, dubbed 'KRACK', allows attackers to break, eavesdrop on and manipulate WPA2 encryption, as researchers from the Catholic University of Leuven reported on Monday. According to their own statements, they have now discovered a flaw in the four-step process used by WPA2 to exchange the keys of the sender and receiver in a WLAN. In the third step, the key can be sent several times. This security gap has made it possible to crack the encryption.
However, an attacker would have to be within range of the WLAN and have specialist knowledge in order to carry out the attack. Experts from the Wifi Alliance also pointed out that additional encryption layers such as HTTPS (e.g. for online banking) or virtual private networks (VPN) are not undermined by the KRACK attack. As a result, online banking or communication with WhatsApp via Wi-Fi remain secure because a WPA2 attacker would only be able to see encrypted data.
The German Federal Office for Information Security (BSI), on the other hand, advises users to refrain from online banking in a network secured with WPA2 for the time being. The BSI also warns against shopping online via WLAN, although most online retailers offer an encrypted transmission path that does not depend on the WPA2 standard. Only wired surfing or mobile connections are currently secure: "Use your Wi-Fi network as if you were logging into a public Wi-Fi network, for example in your favorite café or at the train station," says the BSI.
You might also be interested in
Many WLAN devices do not receive a security update
There is a potentially dangerous gap in the WLAN encryption WPA2. This is why more and more manufacturers are releasing their 'patches'. However, many devices will apparently never receive a patch, fears the discoverer of the gap.
read more...Review of the 'Forum Safety & Security 2017'
The topics covered at the WEKA trade media's 'Safety & Security Forum', which took place in Munich from July 4 to 6, 2017, ranged from product safety to protecting the entire production process. Conclusion: Safety in a company is a process that...
read more...Beverage industry neglects cyber security
How well protected is the beverage industry in the DACH region against cyber attacks? Copa-Data surveyed 228 companies from the industry on this topic - with some worrying results.
read more...Manufacturing in the focus of hackers
More than half of all phishing attacks worldwide originate from the EMEA region. Also in the focus of hackers: manufacturing. NTT Security's Global Threat Intelligence Report 2017 comes to these and other revealing conclusions.
read more...New law in China affects European companies
The new cybersecurity law issued by the Chinese government came into force on June 1. Many German and European companies are very uncertain about the extent to which they are affected by the change in the law.
read more...No accidental changes to files
CodeMeter 6.80 from Wibu-Systems supports Universal Write Filter (UWF), a Windows option from Microsoft that prevents accidental changes to files, which is particularly important for embedded systems.
read more...Security through network segments
The Microwall Gigabit from Wiesemann & Theis is the first in a series of easy-to-use security products for industry and manufacturing.
read more...Mushroom is the victim of a targeted hacker attack
The automation technology provider Pilz from Ostfildern was the victim of a targeted cyber attack on Sunday, October 13. All server and PC workstations worldwide, including the company's communication network, were affected.
read more...Four out of ten ICS computers are under threat
Kaspersky's latest report on cyber threats for the first half of 2019 shows that 41.2% of ICS (Industrial Control System) computers were exposed to an attack. The energy sector is most frequently affected - including by generic malware.
read more...