By Oluwatobi Opusunju
NordVPN, a virtual private network service provider has warned that a security protocol protecting majority of Wi-Fi security has been hacked. This means that hackers within physical range of unsuspecting organizations or individual’s home can crack and gain free access to one’s Wi-Fi password, spy on one’s internet activity and intercept any unencrypted data streams.
This was made known in a recent statement issued by NordVPN. According to the statement, the security bridge is due to a severe flaw in WPA2 protocol, and the proof-of-concept exploit, called KRACK (Key Reinstallation Attacks) which allows hackers to eavesdrop on any Wi-Fi traffic passing between computers and access points.
The attack works by exploiting a four-way handshake used to establish a key for traffic encryption. During the third step of the process, the supposedly unique key can be resent multiple times. If a hacker can get it resent in a certain way, they can reuse it in a manner that completely undermines the encryption.
NordVPN recalled that the US-CERT has recently distributed an advisory to about 100 organizations, warning that the discovered weakness can allow an attacker to decrypt network traffic from a WPA2-enabled device and hijack connections.
The advisory sent to the organizations also states that it is also possible for hackers to inject and manipulate data, depending on the network configuration.
However, the CMO of NordVPN,Marty Kamden while explaining how to protect oneself from the attack noted that past experience shows that these types of vulnerabilities don’t get easily fixed which is more reason, why everyone needs to be cautious and handle internet security seriously.
“Home Wi-Fi users are especially vulnerable, as they do not have enough information on how to deal with the threat. ISPs can take years to switch to routers with a safer protocol. That’s another situation where users should take their Internet security into their own hands. Everyone should assume that their network is now vulnerable, and take precautions. Virtual Private Networks – VPNs – remain the strongest defense form for these types of vulnerabilities,” he said.
“Internet users should also look for firmware patches for their routers. Depending on their configurations, they could be potentially exploited,” added Marty P. Kamden.