Government agency CERT-In has warned browsing the internet using public wireless computer networks at railway stations and airports may leave you vulnerable to cyber attacks. The nodal agency for responding to computer security incidents in India has rated the vulnerability quotient of public Wi-Fi in the country at ‘high’.
“Successful exploitation of these vulnerabilities allows an attacker to obtain sensitive information such as credit card numbers, passwords, chat messages, emails etc,” CERT-In said. The Indian agency has suggested that users avoid public Wi-Fi at all costs and instead use VPN (virtual private network) and wired networks.
The note follows an international research that highlighted the vulnerability in WPA or WPA2 encryption that is most commonly used to connect to wireless networks. Researchers led by Mathy Vanhoef found that devices based on Android, iOS, Linux, macOS and Windows were among those vulnerable. They called this type of attack a key reinstallation attack, or KRACK.
This attack works by abusing design or implementation flaws in the WPA2 protocol of Wi-Fi standard, or what is known as the four-way handshake (network authentication protocol) to reinstall an already-in-use key, which then resets the key and allows the encryption protocol to be attacked, said a note by Kaspersky Labs, a data security firm. Researchers tested this loophole with an attack and wrote about it in a blog early this week. They found that the attack “works against all modern protected Wi-Fi networks” and “41% of all Android devices”.
Checkout Latest IT news at itvoir.com
Jatin Bhatia, From ITvoir News Desk