Android devices vulnerable to new catastrophic Wi-Fi attack

Reports have emerged that the popular WPA2 Wi-Fi encryption protocol was fundamentally flawed, and could allow an attacker to intercept and read traffic sent across a wireless network. Now, details are emerging about the scale and severity of the problem.

Boom! there goes another issue we have to deal with now.

The attack – known as a key retransmission attack (or KRACK) – sees a malicious actor trick a victim into using a compromised encryption key. Troublingly, Linux and Android-based users are most at risk. According to Matty Vanhoef, who uncovered the issue, 41 percent of Android devices vulnerable to an “exceptionally devastating” variant of the WPA2 attack, which makes it “exceptionally trivial” to manipulate and intercept traffic.

 That said, it’s worth noting that the researcher stressses that the issue isn’t with the implementation of the WPA2 protocol, but rather the protocol itself. In the blog post describing the issue, Vanhoef said “if your device supports Wi-Fi, it is most likely affected.”

Showing the broadth of the issue, Vanhoef named names, saying “During our initial research, we discovered ourselves that Android, Linux, Apple, Windows, OpenBSD, MediaTek, Linksys, and others, are all affected by some variant of the attacks.”

It’s hard to convey quite how bad this is.

On a practical level, it means an attacker can intercept traffic between devices and a router, allowing them to peek inside all non-SSL traffic. They can also interfere with traffic, theoretically allowing an individual to inject ransomware and malware into unencrypted web pages in an ad-hoc basis.

Vanhoef mentions that the issue can be resolved with a backwards-compatible software patch. This should arrive soon, as he notified vendors in July, with a broader notification issued in August.

That’s good, but it’s worth remembering that there are a staggering number of devices (I would’t be surprised if it measured in the billions) affected. Not just phones and laptops, but also embedded systems, like routers, printers, and other Wi-Fi-enabled IoT devices, which aren’t as straightforward to update.

And ultimately, people tend to be bad at patching things. Even in 2017, it’s not uncommon to hear echoes of servers still connected to the Internet that are vulnerable to Heartbleed and Shellshock.

It’s also often the case that users aren’t presented the option to patch their devices. Android users are most at risk of this vulnerability. And yet, the Android landscape is notorious for its fractured nature, with manufacturers issuing software updates and security patches at an excruciatingly slow pace. That is, if they bother at all.

kivuti kamau

Data Modelling, Design & Development

Press ESC to close