Huge number of Android devices vulnerable to new catastrophic Wi-Fi attack

The Next Web, 10/16/17

Earlier today, reports emerged that the popular WPA2 Wi-Fi encryption protocol was fundamentally flawed, and could allow an attacker to intercept and read traffic sent across a wireless network. Now, details are emerging about the scale and severity of the problem.

The attack – known as a key retransmission attack (or KRACK) – sees a malicious actor trick a victim into using a compromised encryption key. Troublingly, Linux and Android-based users are most at risk. According to Mathy Vanhoef, who uncovered the issue, 41 percent of Android devices are vulnerable to an “exceptionally devastating” variant of the WPA2 attack, which makes it “exceptionally trivial” to manipulate and intercept traffic.

That said, it’s worth noting that the researcher stresses that the issue isn’t with the implementation of the WPA2 protocol, but rather the protocol itself. In the blog post describing the issue, Vanhoef said, “if your device supports Wi-Fi, it is most likely affected.”

Showing the breadth of the issue, Vanhoef named names, saying “During our initial research, we discovered ourselves that Android, Linux, Apple, Windows, OpenBSD, MediaTek, Linksys, and others, are all affected by some variant of the attacks.”

And ultimately, people tend to be bad at patching things. Even in 2017, it’s not uncommon to hear echoes of servers still connected to the Internet that are vulnerable to Heartbleed and Shellshock.

It’s also often the case that users aren’t presented with the option to patch their devices. Android users are most at risk of this vulnerability. And yet, the Android landscape is notorious for its fractured nature, with manufacturers issuing software updates and security patches at an excruciatingly slow pace. That is, if they bother at all.

Posted on October 16, 2017 at 6:21 pm by lesliemanzara