Hackers can steal credit card numbers and passwords on networks protected by WPA2 Wi-Fi security.
(CCM) — A massive flaw has been discovered in the encryption system used to secure most Wi-Fi systems, allowing hackers to steal credit card numbers, passwords, chat messages, emails, and photos using a technique called a Key Reinstallation Attack, or KRACK. In some circumstances a KRACK can also be used to manipulate data as it travels over the Wi-Fi network, or to inject ransomware or other malware into websites, according to Mathy Vanhoef, the security researcher who revealed the flaw.
The flaw lies in the WPA2 security protocol used in homes and businesses, so any devices which use WPA2 correctly — including Android, Apple, Windows, and Linux devices, as well as most routers — are affected.
Devices running Linux or Android 6.0 or later are particularly vulnerable to a KRACK, and a hacker should be able to decrypt, relatively easily, all the data that victims using these devices transmit. Other devices are harder to attack with the same degree of success, but a hacker can still expect to be able to decrypt a significant amount of the data transmitted by the victim.
To prevent hackers from carrying out a KRACK, users must update their devices as soon as security updates are made available by the manufacturers, Vanhoef said.