Security Alert: New Attack on WPA/WPA2 Protocols Could Potentially Impact Many Wi-Fi Devices

save
Share and earn Cybytes
Facebook Twitter Google+ LinkedIn Email

Security researchers have recently found a new attack on the Wi-Fi Protected Access Protocols (WPA/WPA2) which you know are security standards aimed at making your wireless networks more secure. They discovered it by accident while testing the new WPA3 security standard that was recently announced. What makes this attack different from previous attacks against WPA is that it does not require to collect a complete EAPOL (Extensible Authentication Protocol over LAN) 4-way handshake. It is performed on the RSN IE (Robust Security Network Information Element) with a simple EAPOL frame.

You can read more technical details on how this attack works here.  Hashcat developer Jens “Atom” Steube said for iTnews publication that:

“The biggest difference between the new method and prior WPA/WPA2 cracks is that an attacker no longer needs another user to be on the target network to capture credentials – “simply starting the authentication process will do”.

He also added that an attacker has to be in a physical position that allows him to record the authentication process from the Access Point (AP) and the user while waiting for the user to log into the network.

Basically, this attack is related with the PMKID (Pairwise Master Key Identifier) and its success depends on how strong and complex the PSK (Pre-Shared Key) is. This method is used by home users to enhance network security. Using this method, users enhance network security and protect their devices when connected via a Wireless network.

According to security researchers, the attack is supposed to affect all devices supporting 802.11 i/p/q/r/ networks with roaming functions enabled, which apply to most of all modern routers.

How to secure your data against Wi-fi attacks

To better secure your home Wi-Fi network, we strongly recommend to read and follow these security measures, so you can stay safe and protect your devices from being compromised:

  1. First of all, do not panic and install any update available for every device you might have in your home, even for those you haven’t thought about it in the first place, such as smartphones, smartwatches, fitness bands, laptops, digital cameras, printers, smart TVs, cars, etc. This applies also to all the applications used because most people tend to forget about hardware updates and postpone them. Update and patch everything.
  2. Set and apply a strong PSK password when configuring the WPA-PSK encryption on your router from Wireless Settings. Also, check out this easy-to-use password security guide that will help you learn how to set strong and uniques passwords for your accounts;
  3. Turn off public network sharing when you are connected to an unsecured Wi-Fi network (where no password is required) in a public place. A secure Wi-Fi network means that you need to ask for a password from the public place you’re visiting to access the Internet;
  4. We also suggest to turn OFF the Wi-Fi connection, if you don’t need or use it on a daily basis. This step-by-step guide on how to maximize your home network security may come in handy;
  5. Avoid connecting to public Wi-Fi networks, and use instead of your data plans;
  6. Make sure you access only websites that use HTTPS encryption, as an additional layer of protection;
  7. Remember to keep the firewall enabled on your operating system;
  8. You might want to use a Virtual Private Network (VPN) when setting up a connection to an unsecured public Wi-Fi;
  9. Make sure you have an antivirus program installed on your device or a multi-layered proactive security system;
  10. If you’re connected via Wi-Fi in a public place, don’t browse the Internet without having a good antispyware software program. You should connect only to secured services.

We don’t say you should become paranoid about Wi-Fi security but make sure you apply these basic security measures when it comes to securing your wireless network.

Heimdal Official logo

If you liked this post, you will enjoy our newsletter.
Receive new articles directly in your inbox

*This article features cyber intelligence provided by CSIS Security Group researchers.

The post Security Alert: New Attack on WPA/WPA2 Protocols Could Potentially Impact Many Wi-Fi Devices appeared first on Heimdal Security Blog.

Share this post and earn Cybytes
Facebook Twitter Google+ LinkedIn Email
Follow
128 Followers
About Heimdal Security
We protect users and companies from cyber-criminal actions, by keeping confidential information and intellectual property safe. We build products focused on proactive cyber security and we dedicate a big part of our efforts to cyber security education for everyone.
Promoted Content
Expert Roundup: Is Internet Security a Losing Battle?
A while ago, one of our readers asked us to answer the following questions: Is Internet security a losing battle? How come companies are always 1-2 steps behind the fight? How can the bad guys respond so fast?That reader is certainly not the only one with this issue on his mind. Many Internet users feel discouraged by the current state of cyber crime and its consequences, and the rest don’t yet understand why they should care about it. We wanted to do something to change this.Naturally, users like you and me are not the only ones who wrestle this dilemma. Within the industry, cyber security experts are deeply involved in studying the causes and changes which have brought us to this point so they can create better solutions. Each of these experts brings a different perspective to the discussion, because no single person can ever claim to have the full picture.That is why we reached out to some of the most experienced cyber security specialists in the field to gather their thoughts on the topic. We believe that the questions we received are justified and they deserve an honest answer. And you will find plenty of them in the article!

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Cybrary On The Go

Get the Cybrary app for Android for online and offline viewing of our lessons.

Get it on Google Play
 

Support Cybrary

Donate Here to Get This Month's Donor Badge

 
Skip to toolbar

We recommend always using caution when following any link

Are you sure you want to continue?

Continue
Cancel