科学美国人60秒:Keep Your Wi-Fi off KRACK
It seems every week we find out that someone broke into a big company’s databases—like the recent Equifax data breach—and made off with millions of credit card numbers, passwords and other valuable info. And now a new kind of worry: someone could hijack your wireless home network and steal your info from under your nose.
That’s the possibility raised by a couple of cybersecurity researchers from the Catholic University of Leuven in Belgium. The problem, they say, is a flaw in the very protocol meant to make wi-fi secure. That protocol is called Wi-Fi Protected Access II, WPA2. And WPA2’s weakness could allow an attacker within physical range of your wi-fi network to make a copy of that network that they could then control. The researchers call their approach a key reinstallation attack, or KRACK.
It’s important to know that a KRACK attack remains a hypothetical for now. The scientists realized the threat while investigating wireless security. They’ll present this research on November 1st at the Computer and Communications Security (CCS) conference in Dallas and in December at the Black Hat Europe conference in London.
In their KRACK scenario, wireless devices would be fooled into connecting to the bogus network. And the attacker would be able to access all of the info that devices send and receive while connected to that network—even if that info has been encrypted. Android and Linux would be especially vulnerable because of how their encryption keys are configured.
One measure of protection against such an attack would be to make sure they you’ve installed the most up-to-date versions of your apps, browsers and wireless router software. Updated software is most likely to include the security patches needed to avoid falling victim to a KRACK attack. Because chances are that KRACK won’t remain simply a proof-of-concept for long.
—Larry Greenemeier