Every Wi-Fi network at risk of unprecedented ‘Krack’ hacking attack

Every Wi-Fi connection is potentially vulnerable to an unprecedented security flaw that allows hackers to snoop on internet traffic, researchers have revealed.

The vulnerability is the first to be found in the modern encryption techniques that have been used to secure Wi-Fi networks for the last 14 years.

In theory, it allows an attacker within range of a Wi-Fi network to inject computer viruses into internet networks, and read communications like passwords, credit card numbers and photos sent over the internet.

The so-called “Krack” attack has been described as a “fundamental flaw” in wireless security techniques by experts. Apple, Android and Windows software are all susceptible to some version of the vulnerability, which is not fixed by changing Wi-Fi passwords. Tech companies have issued or are developing updates to fix it.

“It seems to affect all Wi-Fi networks, it’s a fundamental flaw in the underlying protocol, even if you’ve done everything right [your security] is broken,” said Alan Woodward of the University of Surrey’s Centre for Cyber Security.

“[It means] you can’t trust your network, you can’t assume that what’s going between your PC and router is secure.”

Most modern Wi-Fi networks have their traffic encrypted by a protocol known as WPA or WPA-2, which has existed since 2003 and until now has never been broken. This protects data as it travels from a computer or smartphone to a router, stopping hackers and spies from monitoring networks or injecting malicious code into the transfer.

Connecting to a secure network involves a four-way “handshake” between a device and a router to ensure that nobody else can decrypt the traffic. Researcher Mathy Vanhoef of the University of Leuven in Belgium found a way to install a new “key” used to encrypt the communications onto the network, allowing a hacker to gain access to the data. This could involve passwords, credit card numbers, photos and messages sent over a network to be stolen, or cyber attacks to be inserted into the traffic.

The attack cannot be carried out remotely, an attacker would have to be in range of a Wi-Fi network to carry it out. It would also not work on secured websites - those that use https at the start of their web address instead of http.

Prof Woodward said that the only way to fix the flaw would be to manually replace or patch every router in people’s homes. He said that while the attack was not technically easy, tools would soon spring up allowing criminals to carry out the attack.

 

Source : http://www.telegraph.co.uk/technology/2017/10/16/every-wi-fi-device-risk-unprecedented-krack-attack-security/

Given the complexities of digital financial world, let us put cybersecurity as core focus, for the leaks of data security can jeopardize the credibility and growth of the whole industry. For this reason, Asosiasi FinTech Indonesia fully supports Cyber Security Indonesia 2017 to create top of mind awareness on cybersecurity issue.

Niki Santo Luhur
Chairman - FinTech Indonesia Association

Now the whole industry begins to understand that it's better to prevent than to lose access and control data because of negligence to keep the data secure. Hence, this encourages APTIKNAS to endorse the implementation of Cyber Security Indonesia.

Fanky Christian
Head of DPD DKI - APTIKNAS (Indonesian ICT Business Association)

Indonesia, with its vast wealth of information is in urgent need of preventive and defensive measures against cyber threats. Other than protecting national interest, such measures are also required to protect the interest of its citizens. Actions taken may not be adequate through policies and regulations but through concrete actions involving all components of the nation. Hence LEMSANEG welcomes and endorses Cyber Security Indonesia 2017.

Major General (TNI), Dr Djoko Setiadi, M.Si
The Head of LEMSANEG (State Cryptography Agency)

ATSI (Indonesian Telecommunication Providers Association) supports Cyber Security Indonesia 2017 to encourage concern and awareness of the important needs of cyber protection system to prevent and minimise cyber crime for individuals, communities, governments and also companies in Indonesia.

Sutrisman Raden
Executive Director of ATSI