PJ Networks Blog

In a world filled with ever-increasing CyberSecurity hacks, data breaches and security vulnerabilities, a new one just hit the news - and it's a major one.  The WPA2 encryption protocol used by most wireless access points, routers and the devices that connect to them has been found to have a major weakness that can be easily exploited by hackers.  The video link included in this blog post explains it and demonstrates how it works, but here is the simple explanation:

A hacker sets up a "fake" duplicate of an existing wireless network connection using the same broadcast name as the original.  So, if you had a wireless access point that broadcasts the name "SMITH-WIRELESS" that broadcasts on channel 6, the hacker would set up a cloned version of "SMITH-WIRELESS" with the same name, but broadcasting on another channel; we'll use Channel 11 for this example, and assume that one Android device is connected to it.

The malicious code used by the hacker would then force the wireless device to drop the legitimate connection on channel 6 and redirect it to the "fake" connection called "SMITH-WIRELESS" on channel 11, at which point the cloned connection allows it to connect with an encryption key that is all zeros, which makes it very easy to intercept all of the data packets flowing from the Android device to the fake network connection and out to the Internet.  At this point, the Android user would get no warning that any of the redirection had taken place.

To make things worse, the hacker can also execute another command on the Android device that strips out the security encryption that you normally are using with an HTTPS connection to a website, which then means that none of the data going out to the Internet is protected or encrypted.  A user might notice this has happened if they are paying attention to the address bar at the top of their browser and see that the connection is no longer using HTTPS.

Long story short, anything that gets typed into the Android device after switching to the cloned wireless connection is visible to the hacker, including user names, passwords, credit card numbers and other sensitive information.

If you'd like to read more about the technical details, you can check out this article from the Forbes website: https://www.forbes.com/sites/thomasbrewster/2017/10/16/krack-attack-breaks-wifi-encryption/#59d7a3882ba9

This article provides additional information: https://techcrunch.com/2017/10/16/wpa2-shown-to-be-vulnerable-to-key-reinstallation-attacks/

However, if you have four or five minutes to watch the video at the beginning of this article, it does an excellent job of demonstrating exactly what this exploit can do if allowed access to a WPA2 encrypted connection.  Here's the link to the same video on YouTube: https://youtu.be/Oh4WURZoR98

What should you do about this new security vulnerability?  We strongly recommend that you keep an eye out for any updates that become available for any of your wireless devices over the next week or two and install them immediately.  The manufacturers and vendors will be scrambling to get security updates out to all of their devices as quickly as they can, but it may take a few days for some security updates to be released.  In the meantime, please be as cautious as possible when using any kind of wireless network connection, try to not conduct any kind of financial transaction over a wireless link unless you have no other choice, and keep an eye out for those updates.

And, as always - Let's be careful out there!

     -The PJ Networks Team