Krack Attack: All Wi-Fi Networks Worldwide Vulnerable To Snooping

Researchers warn that Wifi networks allow hackers to snoop on your traffic

Every Wi-Fi connection around the world is vulnerable to hackers snooping on your internet traffic, researchers have warned. 

The unprecedented security flaw is the first found in modern encryption technologies employed to secure Wi-Fi networks over the last 15 years.

The “Krack attack” allows hackers to inject computer viruses into internet networks, read people’s passwords and credit card numbers, and snoop on private conversations, emails and photographs sent over the web.

Telegraph.co.uk reports:  “It seems to affect all Wi-Fi networks, it’s a fundamental flaw in the underlying protocol, even if you’ve done everything right [your security] is broken,” said Alan Woodward of the University of Surrey’s Centre for Cyber Security.

“[It means] you can’t trust your network, you can’t assume that what’s going between your PC and router is secure.”

Most modern Wi-Fi networks have their traffic encrypted by a protocol known as WPA or WPA-2, which has existed since 2003 and until now has never been broken. This protects data as it travels from a computer or smartphone to a router, stopping hackers and spies from monitoring networks or injecting malicious code into the transfer.

Connecting to a secure network involves a four-way “handshake” between a device and a router to ensure that nobody else can decrypt the traffic. Researcher Mathy Vanhoef of the University of Leuven in Belgium found a way to install a new “key” used to encrypt the communications onto the network, allowing a hacker to gain access to the data. This could involve passwords, credit card numbers, photos and messages sent over a network to be stolen, or cyber attacks to be inserted into the traffic.

The attack cannot be carried out remotely, an attacker would have to be in range of a Wi-Fi network to carry it out. It would also not work on secured websites – those that use https at the start of their web address instead of http.

Prof Woodward said that the only way to fix the flaw would be to manually replace or patch every router in people’s homes. He said that while the attack was not technically easy, tools would soon spring up allowing criminals to carry out the attack.