VietNamNet Bridge - Ha The Phuong, deputy CEO of CMC Infosec, has told wi-fi users not to worry about vulnerabilities in the WPA/WPA2 protocol, considered the most secure encryption protocol available today.



Mr Ha The Phuong from CMC Infosec




The newly discovered vulnerability lies in the core of WPA2 and can be exploited by a new attack method called KRACK. Systems that use Android, Linux, Apple, Windows, OpenBSD, MediaTek, and Linksys could all be affected.

With the vulnerability, wi-fi systems protected by WPA2 in companies or private homes will be just like public wi-fi at cafes, and hackers can attack as if they are using computers on the same networks as the victims.


However, Phuong, a security expert, in an interview with a local newspaper, affirmed that Vietnamese hackers won’t be able to carry out attacks easily, because they need to have special wi-fi transceivers. 

Even if they can steal information, the amount of data they can decrypt will be limited. If the devices run Linux or Android, hackers will be able to decrypt more information, but the efficiency will still depend on the wi-fi routers.

Meanwhile, data on Facebook, Zalo and Google is encrypted on background transmission lines, so the attacks will not really work. 

“In a word, though the vulnerability is serious, it will not be easy to carry out attacks successfully and there is no need to be too worried about that,” he said.

Technology firms that use WPA/WPA2 are still working on patches for the vulnerability. Microsoft released its patch on October 18. Phuong believes that the vulnerability will also be fixed on other devices.

The question now is whether businesses and users will apply the patches. After the WannaCry ransomware attack, CMC Infosec discovered that 9,000 hosts at large businesses still had not been updated with patches for the vulnerabilities related to EternalBlue.

This shows that businesses are still not fully aware of the risk to their information systems.

Though advising users not to worry about KRACK, Phuong said it is necessary to apply measures to avoid risks.

First, businesses and organizations should avoid the use of wi-fi to transmit important data, if possible. It would be better to use wired networks, VPN or 3G/4G.

Second, it is necessary to regularly update security patches on wi-fi routers and terminal devices soon after manufacturers release the patches. The updating of patches for receivers will protect users from attacks.

Third, businesses and organizations need to be ready with data backups, and regularly check their systems.




Buu Dien